Apple fixes wireless-based remote code execution flaw in iOS

Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi

Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
Mueller Adds DOJ Cybercrime Prosecutor To His Team
Critics are wrong to slam iPhone X’s new face tech

Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads and iPods.

The vulnerability is a stack buffer overflow in the feature that handles authentication responses for the fast BSS transition feature of the 802.11r protocol, also known as fast roaming. This feature allows devices to move easily and securely between different wireless base stations in the same domain.

Hackers can exploit the flaw to execute code in the context of the Wi-Fi chip’s firmware if they’re within the wireless range of the targeted devices.

The issue is one of several flaws found by Google Project Zero researcher Gal Beniamini in the firmware of Broadcom Wi-Fi chips. Some of these vulnerabilities also affect Android devices and have been patched as part of Android’s April security bulletin.

To read this article in full or to leave a comment, please click here

Go to Source

COMMENTS