New iOS 10.3.3 Update Fixes Critical Wi-Fi Security Bug

There’s a new iOS update out, 10.3.3, and if you use Wi-Fi on your iPhone and are still running OS X, you’ll want to grab it immediately. There are a number of other security patches and bug fixes within this version of the OS. But the Wi-Fi problem is grabbing the most attention because it allows a remote attacker to gain full access to your smartphone, rather than requiring local access or requiring users to take a particular action (like unpacking a malicious file).

A full list of bug fixes and security improvements in iOS 10.3.3 is available here, though the Wi-Fi announcement is near the bottom of the page:

Wi-Fi

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence. (Emphasis original)

This attack is the iOS version of Broadpwn, which Google patched in a critical update back on July 5, CNET reports. This attack has been given a score of 9.8/10 on the National Institute of Standards and Technology index. It’s considered dangerous if you use open Wi-Fi systems, because it gives the attacker the ability to remotely execute code on your device without having your PIN or password.

The attack strikes at weaknesses in the Broadcom BCM43xx family of products, which iPhones have used in every device from the iPhone 5 to the iPhone 7. One thing we do know about this exploit is that it apparently allows the attacker to take full control of the CPU via the Wi-Fi connection.

Image: Broadcom-43xx. Image by iFixit.

It is not clear if users with older devices (iPhone 4, 4s, etc.) are affected on older operating systems.

This isn’t the only bug that iOS 10.3.3 fixes, not by a long shot. Multiple WebKit problems are resolved, including some that allowed arbitrary code execution, address bar spoofing, and the exfiltration of data without the user’s knowledge. Several memory corruption issues have also been resolved, and applications are no longer allowed to read restricted memory (apparently a bug allowed this for some period of time). Apple also refers to fixes that prevent apps from executing arbitrary code with system or kernel privileges.

The man who found the Wi-Fi bug, Nitay Artenstein, will be giving a report on it at Black Hat on July 27. Affected devices include the iPhone 5 through iPhone 7 (and all variants in between if running iOS 10), the 4th generation iPad and later versions, and the 6th generation iPod touch. Immediate upgrades are strongly recommended.


