A security researcher for Google’s Project Zero team has released a proof-of-concept iOS exploit that takes advantage of another Broadcom Wi-Fi issue.
The vulnerability abused by Gal Beniamini, a security researcher for Google Project Zero based in Israel, was found in the same Broadcom BCM4355C0 Wi-Fi chips affected by the Broadpwn flaw, but it is a separate issue. Beniamini confirmed the Broadcom flaw (CVE-2017-11120) affects a range of devices, including the Samsung Galaxy S7 Edge and various Wi-Fi routers, but the exploit he released was specifically for the iPhone 7.
Beniamini wrote in his disclosure that the BCM4355C0 SoC with firmware version 220.127.116.11.0.1.56 did not properly validate a specific field, and that an iOS exploit could allow code execution and more.
“The exploit gains code execution on the Wi-Fi firmware on the iPhone 7,” Beniamini wrote. “Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip).”
To read the original article: http://searchsecurity.techtarget.com/news/450427255/Proof-of-concept-iOS-exploit-released-by-Googles-Project-Zero?utm_campaign=ssec_security&utm_medium=social&utm_source=twitter&utm_content=1506704420