Apple fixes wireless-based remote code execution flaw in iOS

Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads and iPods.

The vulnerability is a stack buffer overflow in the feature that handles authentication responses for the fast BSS transition feature of the 802.11r protocol, also known as fast roaming. This feature allows devices to move easily and securely between different wireless base stations in the same domain.

Hackers can exploit the flaw to execute code in the context of the Wi-Fi chip’s firmware if they’re within the wireless range of the targeted devices.

The issue is one of several flaws found by Google Project Zero researcher Gal Beniamini in the firmware of Broadcom Wi-Fi chips. Some of these vulnerabilities also affect Android devices and have been patched as part of Android’s April security bulletin.

To read this article in full or to leave a comment, please click here

from Computerworld News http://www.computerworld.com/article/3187688/security/apple-fixes-wireless-based-remote-code-execution-flaw-in-ios.html#tk.rss_news

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s