Apple has updated iOS 10 to fix 47 security flaws, including one that can be used to hack iPhones and iPads within Wi-Fi range.
It’s hard to hack iOS without relying on user interaction, but it can still be done by attacking a softer target: the Wi-Fi chip in most Android and iOS devices.
Apple’s latest iOS update, version 10.3.3, addresses yet another critical bug in the Broadcom43xx Wi-Fi chipset on the iPhone.
The vulnerability, known as “Broadpwn” ( CVE-2017-9417), was discovered by researcher Nitay Artenstein of Exodus Intelligence. He’ll detail his hack at the BlackHat conference in August and explain how to move from controlling the chip to hacking the main OS.
Google patched the same issue in its July Android update, which according to Artenstein also affects devices from LG, Google’s Nexus phones, and nearly all Samsung flagships.
Google’s Project Zero researchers, who have also dug into this chipset, believe hackers are likely to target it as an easier entry point than flaws in the better defended OS or apps. Apple patched a similar Broadcom Wi-Fi bug found by Project Zero in iOS 10.3.1 this April.
Apple says the latest memory corruption exploit allows an attacker within Wi-Fi range to execute attack code on the Wi-Fi chip.
The iPhone maker fixed 46 other flaws in its latest update, including a handful of bugs in the iOS kernel, Safari, and its WebKit browser engine.
Apple’s macOS update update fixes 37 bugs and 25 bugs in Safari for macOS.
Feature-wise, iOS 10.3.3 offers little, and it may be one of the final updates before iOS 11’s arrival in fall.