It’s always a good idea to accept iOS dot updates as soon as they are available as they generally have significant security fixes. But iOS 10.3.3, released yesterday, fixes one particularly nasty vulnerability, making a swift update a particularly good idea …
Apple’s security document describes it in rather mundane-sounding terms.
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
But what Nitay Artenstein of Exodus Intelligence discovered – and reported to Apple – was that it was able to exploit the issue to ‘run code in the main application processor.’ In other words, gain complete control of your device.
The underlying issue is a weakness in the Broadcom BCM43xx family of wifi chips. These are used in every iPhone from the iPhone 5 to iPhone 7, as well as 4th-gen iPad and later, and iPod Touch 6th gen. But Artenstein found a way to leverage control of the wifi chip to then take control of the main processor.
Now that the vulnerability is fixed, Artenstein will be sharing full details at the Black Hat conference next week.
It’s not the first time that a bug has allowed an attacker to take control of an iPhone via wifi. Back in 2015, attackers were able to completely disable any device running iOS 8 within range of a given wifi network.