
New iOS 10.3.3 Update Fixes Critical Wi-Fi Security Bug

Apple released a major security update for iOS 10.3.3 yesterday, with fixes included for some significant bugs. If you're running iOS 10, you'll want to upgrade immediately.
By Joel Hruska

There's a new iOS update out, 10.3.3, and if you use Wi-Fi on your iPhone and are still running OS X, you'll want to grab it immediately. There are a number of other security patches and bug fixes within this version of the OS, but the Wi-Fi problem is grabbing the most attention because it allows a remote attacker to gain full access to your smartphone, rather than requiring local access or requiring users to take a particular action (like unpacking a malicious file).

A full list of bug fixes and security improvements in iOS 10.3.3 is available here, though the Wi-Fi announcement is near the bottom of the page:
Wi-Fi

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-9417: Nitay Artenstein of Exodus Intelligence.

(Emphasis original)

This attack is the iOS version of Broadpwn, which Google patched in a critical update back on July 5, CNET reports. This attack has been given a score of 9.8/10 on the National Institute of Standards and Technology index. It's considered dangerous if you use open Wi-Fi systems, because it gives the attacker the ability to remotely execute code on your device without having your PIN or password.

The attack strikes at weaknesses in the Broadcom BCM43xx family of products, which iPhones have used in every device from the iPhone 5 to the iPhone 7. One thing we do know about this exploit is that it apparently allows the attacker to take full control of the CPU via the Wi-Fi connection.


This isn't the only bug that iOS 10.3.3 fixes, not by a long shot. Multiple WebKit problems are resolved, including some that allowed arbitrary code execution, address bar spoofing, and the exfiltration of data without the user's knowledge. Several memory corruption issues have also been resolved, and applications are no longer allowed to read restricted memory (apparently a bug allowed this for some period of time). Apple also refers to fixes that prevent apps from executing arbitrary code with system or kernel privileges.

The man who found the Wi-Fi bug, Nitay Artenstein, will be giving a report on it at Black Hat on July 27. Affected devices include the iPhone 5 through iPhone 7 (and all variants in between if running iOS 10), the 4th generation iPad and later versions, and the 6th generation iPod touch. Immediate upgrades are strongly recommended.
