|
樓主 |
發表於 2017-7-24 04:49:58
|
顯示全部樓層
iPhone, iPad owners: Update now to block 'Broadpwn' Wi-Fi hack9 F- T! ?8 G$ i& j, P
http://www.zdnet.com/article/iph ... roadpwn-wi-fi-hack/
9 d2 {$ v j, I5 {9 mApple has used an update to iOS 10 to fix a potentially dangerous Wi-Fi bug affecting most of its hardware.2 O, v# `+ m1 M% X& m) `6 O# V, i
By Liam Tung | July 20, 2017 -- 09:38 GMT (02:38 PDT) | Topic: Security# g. _) _) D3 ]! @
6 l4 e3 O! {4 t' _3 [Apple has updated iOS 10 to fix 47 security flaws, including one that can be used to hack iPhones and iPads within Wi-Fi range.
: Q3 b4 w0 K/ g3 m A N/ `It's hard to hack iOS without relying on user interaction, but it can still be done by attacking a softer target: the Wi-Fi chip in most iOS devices, as well as Android mobiles.
6 d2 D( a3 K+ C( O1 A
' A* M. V3 m* K+ Q0 V, z6 aApple's latest iOS update, version 10.3.3, addresses yet another critical bug in the Broadcom43xx Wi-Fi chipset on the iPhone.; k- ^8 d% Z: k$ P
2 [) k& @* d& {* O5 m% M
The vulnerability, known as 'Broadpwn' (CVE-2017-9417), was discovered by researcher Nitay Artenstein of Exodus Intelligence. He'll detail his hack at the Black Hat conference in August and explain how to move from controlling the chip to hacking the main OS.3 P# ], [4 n) K" S! V4 N
* h/ l e# a0 J6 s0 zGoogle patched the same issue in its July Android update, which according to Artenstein also affects devices from LG, Google's Nexus phones, and nearly all Samsung flagships., s- z* p8 f0 a) Z( y6 h
" Z# ]+ X1 C9 C3 z
Google's Project Zero researchers, who have also investigated the chipset, believe hackers are likely to target it as an easier entry point than flaws in the better defended OS or apps.
/ Q. W; v0 q, V
d: j) j; u1 O. O+ P5 `Apple patched a similar Broadcom Wi-Fi bug found by Project Zero in iOS 10.3.1 this April.$ R: I& |- B' ~( u
3 g: m8 S1 X* o# eApple says the latest memory corruption exploit allows an attacker within Wi-Fi range to execute attack code on the Wi-Fi chip.
2 D; a- u0 @. H3 v" X- I# p- |. N
% u0 s% n1 k5 WThe iPhone maker fixed 46 other flaws in its latest update, including a handful of bugs in the iOS kernel, Safari, and its WebKit browser engine.) j; z W r1 @& Z d9 l
3 r1 @, S* L" j; O# w& J
The Broadpwn bug also affects Mac hardware, Apple TV, and Apple Watch. Apple fixed the issue for Macs in the macOS Sierra 10.12.6 update, and updates for TVos, and watchOS. c6 \3 M0 c' A9 d5 M
9 _2 V& b5 x6 w" K
Apple's macOS update fixes 37 bugs and 25 bugs in Safari for macOS.8 o, w% p1 H% _0 F, h: f* H
a( u0 X- z. w' @3 y2 HFeature-wise, iOS 10.3.3 offers little, and it may be one of the final updates before iOS 11's arrival in fall. |
|