July 20, 2017 by

Apple Update Patch Fixes Exploit Enabling Hacker Takeover via WiFi

Released on Wednesday, the new iOS 10.3.3 update closes a critical wi-fi vulnerability that allows malicious hackers to take over Apple iPhones at will over a corrupted WiFi network.

A potentially damaging exploit hidden in the iPhone’s Wi-Fi chipset, dubbed ‘Broadpwn’, enabled hackers target a broad range of devices including manufacturers developing devices for the Android platform such as LG, HTC and Samsung. Scoring 9.8 out of 10 on the US National Institute of Standards and Technology’s severity scale, the Broadpwn exploit was patched by Google for Android devices on July 5.

“An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple explained in its release notes accompanying the update.

As described by the Institute, the issue read:

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the “Broadpwn” issue.

The vulnerability was discovered by Exodus Intelligence researcher Nitay Artenstein who will detail the hack at the Black Hat conference in August. The researcher will also explain how to hack the main OS as well as controlling the chip.

The vulnerability fundamentally affections millions of Android and iOS devices and can be triggered remotely without any need for user interaction. “The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models to HTC, LG, Nexus and practically the full range of Samsung flagship devices,” an explainer from BlackHat adds.

For Apple devices specifically, the new update patches the vulnerability which is notably present in models between the iPhone 5 and iPhone 7, the fourth-generation iPad and its later versions as well as the iPod Touch 6th generation.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.