Even if you’re generally a bit hesitant to accept iOS updates until they’ve been out for a while, it might be a good idea to accept the new iOS 10.3.3 update, which was released on Wednesday.
Per Apple’s security document, the update includes the following major fix:
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
According to Nitay Artenstein of Exodus Intelligence, who discovered the bug and reported it to Apple, the issue allowed an outside party to exploit the issue to ‘run code in the main application processor.’ In other words, gain complete control of your device.
The underlying issue is a weakness in the Broadcom BCM43xx family of wifi chips. These are used in every iPhone from the iPhone 5 to iPhone 7, as well as 4th-gen iPad and later, and iPod Touch 6th gen. But Artenstein found a way to leverage control of the wifi chip to then take control of the main processor.
Given that the vulnerability has been fixed, Artenstein will be sharing full details at the Black Hat conference next week.
It’s not the first time that a bug has allowed an attacker to take control of an iPhone via wifi. Back in 2015, attackers were able to completely disable any device running iOS 8 within range of a given wifi network.
If you’ve tried the iOS 10.3.3 update and have any feedback to offer, please let us know in the comments.
Via 9to5Mac