A security researcher for Google's Project Zero team has released a proof-of-concept iOS exploit that takes advantage of another Broadcom Wi-Fi issue.
The vulnerability exploited by Gal Beniamini, a security researcher for Google Project Zero based in Israel, was found in the same Broadcom BCM4355C0 Wi-Fi chips affected by the Broadpwn flaw, but is a separate issue. Beniamini confirmed the Broadcom flaw (CVE-2017-11120) affects a range of devices, including the Samsung Galaxy S7 Edge and various Wi-Fi routers, but the exploit he released was specifically for the iPhone 7.
Beniamini wrote in his disclosure that the BCM4355C0 SoC with firmware version 22.214.171.124.0.1.56 did not properly validate a specific field, and that an iOS exploit could allow code execution and more.
"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," Beniamini wrote. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip)."
However, Beniamini's proof-of-concept iOS exploit requires knowledge of the MAC address of the target device, which may make using this attack in the wild more difficult.
Beniamini said his iOS exploit was tested against the Wi-Fi firmware in iOS 10.2 "but should work on all versions of iOS up to 10.3.3."
Apple has patched against this iOS exploit in iOS 11, and Google patched the same Broadcom flaw in its September Security Update for Android. Users are urged to update, if possible.