Today, Google Project 0 disclosed a powerful WiFi chip exploit that takes advantage of a buffer overflow vulnerability in the Broadcom chip present on some Apple devices. Apple has confirmed and patched the vulnerability in iOS 11. You can find the security content of iOS 11, where Apple claims to have fixed the vulnerabilities pointed out by Gal Beniamini of Google Project 0.

The vulnerability is a pretty serious one, and all 64-bit devices seem to be affected, judging by Apple's security content page, where they state the vulnerability was present on iPhone 5S and newer, iPad Air and later, and iPod touch 6th generation. According to Apple, "An attacker within range may be able to execute arbitrary code on the Wi-Fi chip".

In detail, an attacker within range who has access to your MAC address can take advantage of the vulnerability and run arbitrary code on your WiFi chip. Considering that your MAC address is broadcast as part of normal networking, the vulnerability is a pretty serious one, especially since a lot of people connect to unsecured WiFi hotspots, such as Internet cafes, coffee shops and public WiFi. Your MAC address is usually sent only to the gateways in your network, but once you're on a public WiFi, it becomes accessible to that specific gateway, and god knows who is operating it.

According to Beniamini, he was able to use this exploit to create a backdoor on the WiFi chip to read and write data to and from it. Although he tested on iOS 10.2, he believes iOS 10.x versions up to 10.3.3 are affected.

Since the exploit has been fixed in iOS 11, I advise anyone who is not waiting for a jailbreak to update to iOS 11. It might be a bit buggier, but this WiFi exploit is pretty serious, and I am pretty sure it is hard to tell when someone uses this on your device.
As for those who are patiently waiting on iOS 10.x for a jailbreak, pay attention to what you install or access, and don't ever connect to untrusted networks, especially those in coffee shops.


▽ Resources ▽
Google Project 0's Exploit
iOS 11 Security Content


About GeoSn0w

C#, C, Objective-C Programmer | Beginner iOS Security Researcher | Content Creator | Web Developer

I like to bring the latest news from the iOS / iDevice / Jailbreak battlefield to you in a beautiful manner :) I hope you like the site. If you do, don't forget to check out my channel :)