Broadcom fixes wi-fi exploit for Android and iOS devices

By on
Broadcom fixes wi-fi exploit for Android and iOS devices

A Google Project Zero researcher has detailed a series of vulnerabilities in Broadcom's wi-fi chipsets that could potentially allow remote code execution on Android and iOS devices.

Bad actors can potentially exploit this flaw in order to completely take over a device by wi-fi proximity alone, with no user interaction, Project Zero researcher Gal Beniamini reported in a blog post last Tuesday.

According to Beniamini, Broadcom has patched the vulnerabilities in its chipsets and made the fixes available to all affected vendors. Apple and Google have responded by developing fixes for iOS and Android devices, respectively.

Two of the vulnerabilities are stack overflows that can be triggered when connecting to networks that support wireless roaming features. The other two are heap overflow vulnerabilities found in Tunneled Direct Link Setup connections, which allow for the exchange of data between peers without going through the Access Point, helping users avoid data bottlenecks.

SC Media reached out to Broadcom for comment.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?