The iOS 10.3.3 software update for iPhone, iPad and iPod touch which Apple released on Wednesday has patched a serious exploit that targeted open Wi-Fi signals.
According to CNET, Broadcom’s BCM43xx family of Wi-Fi chipsets contain a damaging exploit where an attacker could take over a device remotely if it was searching for a Wi-Fi signal.
If your iOS device has its Wi-Fi turned on, this attack allows nefarious users in range of your device to find it, remotely take over its Wi-Fi chip and crash your phone. The attack doesn’t need your device’s passcode to exploit the weakness.
The affected Broadcom BCM43xx chips are used in every iPhone and iPad from iPhone 5 and fourth-generation iPad onward. The sixth-generation iPod touch is prone to this exploit as well.
Upgrading to iOS 10.3.3 protects your devices from this particular attack.
Listing it as a critical security flaw, Apple’s security document describes it as follows:
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
Called “Broadpwn” exploit, it affects a bunch of other devices that use the aforesaid Broadcom chipsets, including HTC, LG and Samsung smartphones. Google patched this exploit in Android devices on July 5. On the US’s National Institute of Standards and Technology severity scale, “Broadpwn” scored a 9.8 out of 10.