APPLE VULNERABILITY PLUG: Drive-by Wi-Fi i-Thing attack, oh my!

APPLE 11111111111111

 

3 Apr 2017 at 22:46, Richard Chirgwin

Apple hasn’t provided much detail, but you don’t want to ignore the latest iOS release – 10.3.1 – because it plugs a very nasty Wi-Fi vulnerability.

Cupertino has rushed out the emergency patch because: “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip” – meaning, presumably, that malicious packets gave attackers a vector.

The fix for the bug, which Apple attributes to Gal Beniamini of Google’s Project Zero, was a buffer overflow fixed by better input validation.

The bug affected iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later.

The release of 10.3.1 comes just a week after Apple released 10.3.

9to5Mac notes that while 10.3 left older 32-bit devices off the list, 10.3.1 includes them – indicating how serious Apple views the bug. ®

 

http://www.theregister.co.uk/2017/04/03/driveby_wifi_ithing_fix/

Advertisements