Skip to main content

PSA: Update to iOS 10.3.3 to fix serious wifi vulnerability allowing attacker complete control

It’s always a good idea to accept iOS dot updates as soon as they are available as they generally have significant security fixes. But iOS 10.3.3, released yesterday, fixes one particularly nasty vulnerability, making a swift update a particularly good idea …

Apple’s security document describes it in rather mundane-sounding terms.

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

But what Nitay Artenstein of Exodus Intelligence discovered – and reported to Apple – was that it was able to exploit the issue to ‘run code in the main application processor.’ In other words, gain complete control of your device.

The underlying issue is a weakness in the Broadcom BCM43xx family of wifi chips. These are used in every iPhone from the iPhone 5 to iPhone 7, as well as 4th-gen iPad and later, and iPod Touch 6th gen. But Artenstein found a way to leverage control of the wifi chip to then take control of the main processor.

Now that the vulnerability is fixed, Artenstein will be sharing full details at the Black Hat conference next week.

It’s not the first time that a bug has allowed an attacker to take control of an iPhone via wifi. Back in 2015, attackers were able to completely disable any device running iOS 8 within range of a given wifi network.

Via CNET


Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear