Apple rushes out iOS patch for wi-fi vulnerability

By
Follow google news

Update: Code execution on wi-fi chip foiled.

Apple has released an urgent update to its iOS mobile operating system, just days after it distributed a new iOS 10.3 version to iPhone and iPad users around the world.

Apple rushes out iOS patch for wi-fi vulnerability

The update, iOS 10.3.1, takes care of a single vulnerability that could allow attackers to run arbitrary code on the wi-fi chip built into iPhone 5, iPad 4th generation and iPod Touch 6th generation and later devices, Apple said.

Attackers who are in range of vulnerable devices could run code on the devices by exploiting a stack buffer overflow in iOS. 

Apple has now addressed the vulnerability, which was found by researcher Gal Beniamini from Google's Project Zero team, by improving data input validation.

The company released iOS 10.3 on March 28 this year. The update contained patches for 70 vulnerabilities, 18 of which could be exploited for remote code execution. 

Apple last week released a public beta of iOS 10.3.2 for users to test.

Update 5/4/17: Google's Gal Beniamini has published details of the wi-fi vulnerability. 
 
The flaw lies in the firmware for the Broadcom wireless system on a chip, which Apple uses in its devices.
 
Beniamini discovered the firmware lacks security features such as stack cookies, safe unlinking, and access permission protection through the hardware memory protection unit built into the chip.
 
By analysing the firmware and how it interacts with the hardware, Beniamini was able to write an exploit that, via the wireless interface, could overflow the stack buffer in the firmware, and overwrite the memory in the device to achieve arbitrary code execution.
 
Broadcom’s wireless SoCs are also used by Android devices makers. Beniamini’s proof of concept code for the exploit was similarly executed on a Google Nexus 6P.
 
The Google Project Zero researcher noted that Broadcom had been “incredibly responsive and helpful, both in fixing the vulnerabilities, and making the fixes available to affected vendors".
 
Beniamini said he would continue to explore how to further escalate attacker privileges in a second piece of research. He intends to show how to gain control over the wi-fi SoC to take over the host device operating system wirelessly.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applegoogleiosproject zerosecurity

Sponsored Whitepapers

Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
The cloud tipping point
The cloud tipping point

Events

Most Read Articles

Services Australia may get powers to rein in data breach exposure

Services Australia may get powers to rein in data breach exposure
ServiceNow nears deal to buy cyber security startup

ServiceNow nears deal to buy cyber security startup
Apple, Google send new round of cyber threat notifications to users

Apple, Google send new round of cyber threat notifications to users
ASX outage caused by security software upgrade

ASX outage caused by security software upgrade
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?