News Stay informed about the latest enterprise technology news and product updates.

Proof-of-concept iOS exploit released by Google's Project Zero

Google's Project Zero released a proof-of-concept iOS exploit similar to the Broadpwn Wi-Fi flaw that could allow an attacker to run code or implant a backdoor.

A security researcher for Google's Project Zero team has released a proof-of-concept iOS exploit that takes advantage...

of another Broadcom Wi-Fi issue.

The vulnerability that was abused by Gal Beniamini, a security researcher for Google Project Zero based in Israel, was found in the same Broadcom BCM4355C0 Wi-Fi chips affected by the Broadpwn flaw, but is separate. Beniamini confirmed the Broadcom flaw (CVE-2017-11120) affects a range of devices, including the Samsung Galaxy S7 Edge and various Wi-Fi routers, but the exploit he released was specifically for the iPhone 7.

Beniamini wrote in his disclosure that the BCM4355C0 SoC with firmware version 9.44.78.27.0.1.56 did not validate a specific field properly and an iOS exploit could allow code execution and more.

"The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," Beniamini wrote. "Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip)."

However, Beniamini's proof-of-concept iOS exploit requires knowledge of the MAC address of the target device, which may make using this attack in the wild more difficult.

Beniamini said his iOS exploit was tested against the Wi-Fi firmware in iOS 10.2 "but should work on all versions of iOS up to 10.3.3."

Apple has patched against this iOS exploit in iOS 11 and Google patched the same Broadcom flaw in its September Security Update for Android. Users are urged to update, if possible. 

Next Steps

Learn more about the Broadpwn exploit, the world's first Wi-Fi worm.

Take a look at the official iOS and Android security reports.

Get info on addressing privacy and security issues with Android VPNs.

Dig Deeper on Mobile security threats and prevention

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Does your organization use a mobile security solution to protect against iOS exploits?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close