July 24, 2017 – A recently discovered wireless vulnerability in a popular line of Broadcom wireless chips used in many mobile devices has been patched and Coretelligent advises users to upgrade immediately. This exploit has been dubbed “Broadpwn” by security researchers, as this exploit affects hundreds of millions of smartphones and other devices that use a set of Broadcom chips released started a few years ago.
Affected devices are the iPhone 5 and later, fourth-generation iPads and later, and the sixth-generation iPod touch. Apple’s release note explained, “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” and attributed its discovery to Nitay Artenstein of Exodus Intelligence. To use this proximity attack, a malicious party would need to be within range of a user with a vulnerable device. That limits the potential effect, but also means that anyone with an unpatched device remains at risk from hackers using heavily trafficked public places or targeted employees of specific companies, organizations, or government agencies.
On July 5, Google released a patch for the flaw for Android systems. Apple’s update (iOS 10.3.3) came on July 19. So far, there have been no reports of this flaw being exploited in the wild.
iOS 10.3.3 – https://support.apple.com/en-us/HT207923
Android Patch – https://source.android.com/security/bulletin/2017-07-01
Coretelligent recommends that all users upgrade their respective iOS or Android devices immediately.
By: Chris Messer, SVP of Technology & Chief Engineer