Apple launched iOS10.3.3 modified Broadcom wireless WiFi chip Broadpwn loopholes

  • Comments Off on Apple launched iOS10.3.3 modified Broadcom wireless WiFi chip Broadpwn loopholes
  • 128
  • A+
所属分类:Tech

Apple released the official version of iOS 10.3.3, has been identified in the official version of iOS 10.3.3 to amend a large number of contacts, announcements, information, Bug, there are also for WebKit and WiFi vulnerabilities to amend, this amendment is worth Note that the WiFi chip is a major security leak, this vulnerability can lead to hackers directly through this vulnerability WiFi remote link control iOS system, the US National Institute of Standards and Technology Broadpwn vulnerability assessment is also rated as the highest risk level.

 

The vulnerability chip name for the Broadpwn (vulnerability number CVE-2017-9417), by CheckPoint's security researcher Nitay Artenstein found that the researchers pointed out that Broadpw vulnerability is the main problem from the Broadcom BROADCOM BCM43xx wireless chip have this problem , The group of chips, including many manufacturers like Apple and Andrews have used the mobile phone manufacturers, Apple devices such as iPhone 5 above, the sixth generation iPod Touch models, as well as Andrews phone like hTC, LG, Nexus, Samsung also The same use of this group of chips, the same will cause security concerns, Android also in July 5, 2017 launched a modified patch, Apple has recently officially launched iOS 10.3.3 official version of the patch to fix the problem.

Broadpwn vulnerability is mainly in the chip driver, can lead to iOS devices in the WiFi enabled, without having to connect with the infected AP share, you can directly through the HNDRTE operating system to bypass DEP and ASLR, access Broadcom BROADCOM WiFi chip Permission, Broadpwn found that the BROADCOM WiFi chip heap overflow problems on the issue of a serious BUG, ​​when the device connected to the network received incorrect length WME (Quality-of-Service) will trigger. Due to loopholes into the equipment, the most serious situation can cause an attacker can write some backdoor files, use low privileges to perform arbitrary code for iOS.

Apple launched iOS10.3.3 modified Broadcom wireless WiFi chip Broadpwn loopholes
Artenstein also plans to announce more details about the security vulnerabilities that exist in the Bode BROADCOM BCM4354, 4358, and 4359 internal architectures at the 2017, 2019 Hackers Conference (Black Hat USA 2017).

But the general users do not need to worry too much about this problem, to attack the conditions required for users in the same WiFi network, there is a way to attack, that is, the attacker and the attacker needs to be the same site near the field only way , Can not directly through the Internet remote control attacks. If you are worried about the security of your wifi network, then click on the following and check out what is a premier installer and how it can benefit you.

If you do not intend to jailbreak users, it is recommended to quickly upgrade to iOS 10.3.3, to ensure the safety of equipment. As for the user has been jailbreak, follow-up will continue for you to focus on whether there are plug-ins can be repaired, if the developer will be the first time to write teaching to inform you.