Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/

iOS 10.3.3 Patches High-Profile BroadPwn Flaw
Adam C. Engst

The ThreatPost blog has called out the fact that Apple's recently released [1]iOS 10.3.3 patches a high-profile flaw known as BroadPwn. The BroadPwn vulnerability, which affects Broadcom's BCM43xx family of Wi-Fi chips, allows an attacker within Wi-Fi range to execute code on the Wi-Fi chips of affected devices. Exactly what an attacker could do from that point remains unknown, but said code would be running underneath the operating system.

The practical upshot of this is that you should update to iOS 10.3.3 soon. Most security vulnerabilities are either limited in what they can do or how attackers can use them, but our security editor, Rich Mogull, said that BroadPwn looks to be one of the worst vulnerabilities he has seen in a while. So hey, just go to Settings > General > Software Update and update your iOS 10 devices right now.

What counts as an affected device? According to Nitay Artenstein, the Exodus Intelligence researcher who discovered BroadPwn, the vulnerability "is found in an extraordinarily wide range of mobile devices, from various iPhone models to HTC, LG, Nexus, and practically the full range of Samsung flagship devices." Artenstein will be presenting [2]a session on BroadPwn at the Black Hat USA 2017 Conference.

In its security notes about iOS 10.3.3, Apple says that the update patches the flaw on the iPhone 5 and newer, the fourth-generation iPad and newer, and the sixth-generation iPod touch. But that's just because those are the only devices that can run iOS 10. Older devices remain problematic. For instance, the iPhone 4 and iPhone 4S, among others, also use vulnerable Broadcom Wi-Fi chips, and because they can't run iOS 10.3.3, they are likely vulnerable to BroadPwn. As far as I can remember, Apple has never released a security update to a previous version of iOS, but since [3]about 8 percent of iOS devices are still running an earlier version, that policy puts millions of people at risk. We'd like to see Apple follow the same policy it has with macOS, where two previous versions of the operating system receive security updates.

Of course, risk is relative. Most people with everyday data on their devices have little to worry about, particularly with BroadPwn, which requires that an attacker be within Wi-Fi range. However, if you use an older, BroadPwn-vulnerable iOS (or Android) device to communicate about sensitive government, corporate, or medical topics, now would be a good time to switch to a newer device.

References
1. https://threatpost.com/apple-patches-broadpwn-bug-in-ios-10-3-3/126955/
2. https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
3. https://mixpanel.com/trends/#report/ios_10