Apple Patches Serious Wi-Fi Exploit In iOS 10.3.3
Owners of iOS devices including iPhones and iPads are being encouraged to update their devices to version 10.3.3 of iOS in order to avoid the risk of falling victim to a Wi-Fi based vulnerability that is exploitable in older versions of the operating system.
The vulnerability, which is related to the wireless chip uses in its iOS devices, has been described as “extremely serious” by security researchers and could leave users who fail to update their device exposed to attack.
Read: How To Downgrade iOS 11 Beta And Restore iOS 10; Remove Buggy Beta From iPhone, iPad And iPod
The bug fixed by the iOS 10.3.3 update is related to three models of the Broadcom wireless chip used by Apple. It affected iPhones 5 and alter, fourth generation iPads and later, and the six generation iPod touch.
The vulnerability—which has been dubbed “Broadpwn” by security researcher Nitay Artenstein of Exodus Intelligence, the discoverer of the flaw—allows an attacker to achieve “full code execution” on a targeted device.
An attack exploiting the Broadpwn vulnerability requires the attacker to be in proximity of the device in order to attack it via Wi-Fi. This could include a targeted attack against a person using a device that is known to be vulnerable or a broader attack made over a heavily trafficked connection like a public Wi-Fi hotspot.
Artenstein is scheduled to reveal more about the attack during a session at Black Hat 2017 in Las Vegas later this month but he has revealed the attack would allow an attacker to remotely execute malicious code on an iOS device without any user interaction required, making the attack potentially devastating to any user affected by it.
Read: iOS 10.3 Jailbreak For iPhone 7 Update: The Latest On The Hack’s Release Prospects
Security researcher Rich Mogull of Securosis told MacWorld the vulnerability “is extremely serious, but we will need to see the full exploit details to determine the real risk to users on all the various devices out there.”
In its release notes for iOS 10.3.3, Apple described the security vulnerability as a “memory corruption issue” that has been addressed with “improved memory handling.” The company acknowledged the vulnerability could allow an attacker “to execute arbitrary code on the Wi-Fi chip.”
The exploit isn’t exclusive to iOS, either. Android devices that used the same Broadcom wireless chips are also at risk of the remote attack. Google issued a patch for Android devices that suffer from the security flaw earlier this month.
How To Update To iOS 10.3.3
iOS 10.3.3 can be installed on an iOS device over a wireless connection or by connecting the device to a computer with iTunes. The update requires 84.6MB of space on the device.
To update over a wireless connection, open the Settings app, tap the General menu and go to Software Update. When iOS 10.3.3 appears, tap download and Install to install the update.
To update via a wired connection, plug the iOS device into a Mac or Windows PC associated with the device. Open iTunes and click Summary, then Check for Update. Click Download and Update to begin the update process.
Related Articles
