Google Project Zero has disclosed the details of two critical remote code execution vulnerabilities affecting the Broadcom Wi-Fi chips found in many Android and iOS devices.
The flaws, identified as CVE-2017-11120 and CVE-2017-11121, were patched in Android on September 5 with this month’s security updates and in iOS on September 19 with the release of iOS 11. tvOS versions prior to 11 are also impacted.
Until now, the only details known about these vulnerabilities were the fact that they are memory corruptions that could allow arbitrary code execution, and that they affect Broadcom Wi-Fi drivers.
Advisories made public late on Monday by Gal Beniamini of Google Project Zero provide additional details about the flaws and the Broadcom chips they affect.
“Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS,” the researcher explained.
To read the original article: