Apple Releases iOS 10.3.3, Patching Critical Wi-Fi Vulnerability
Apple pushed a new round of security updates to many of its products on July 19, including macOS and iOS. While both updates provide important security updates, the iOS update is especially critical. In version 10.3.3, Apple fixed a critical vulnerability affecting the device’s operations surrounding wireless networks. How does it work and what is the threat?
Inside each iPhone, from the iPhone 5 to the current iPhone 7, a dedicated chip by Broadcom powers the device’s Wi-Fi functionality. These chips handle important tasks to provide users with quick access to and information about networks in range. The same chips power the Wi-Fi of other smartphones and devices, such as several Android models. The programming inside the BCM43xx series of Broadcom Wi-Fi chips have been found to have a serious security problem, which security researcher Nitay Artenstein recently discovered.
Dubbed “Broadpwn,” an attacker leveraging this exploit would be able to gain some type of access to your device — and even cause it to crash, simply by being within range of your Wi-Fi-enabled phone. A hacker could do this without ever needing to know your AppleID, passcode, or any other information about the device. The exploit appears during the time in which the iPhone scans the area for Wi-Fi networks. The exact mechanism of action is still unknown at this point; Artenstein will present his data on the subject at the Black Hat security conference happening this month. Since the flaw also appears in Android phones, Google has similarly pushed updates to its software.
Needless to say, it is important for iOS users to update as soon as possible to protect themselves from this threat. Broadpwn poses an especially significant risk to public Wi-Fi users, as it is the most likely place for your phone to begin scanning for new networks. While an active exploit is not “in the wild” yet, there is always the chance that someone could attempt to use it after its disclosure at Black Hat. A motivated attacker in public could potentially run rampant among devices if users are slow to apply the update. With the problem now closed, though, and iOS 11 on the horizon, users who press the “Update Now” button can stay safe and secure.