Urgent iOS 10.3 Patch Released By Apple for Over 70 Vulnerabilities

An urgent update to Apple’s iOS 10.3 was released only a few days before the official distribution to users around the world. This new version of an iOS operating system for mobile phones was supposed to be released to the iPad and iPhone users around the world when an urgent update was suddenly released.

This rushed update’s purpose was to patch up one single vulnerability that, if left unchecked, could have allowed hackers to infect the Wi-Fi chip with an arbitrary code. This chip is built into the 4th generation of iPad, iPhone 5, the 6th generation of iPod Touch and all later devices as well.

A potential hacker could exploit these vulnerabilities and run the code on any nearby device. This could be done by exploiting a stack buffer overflow in the newest version of this operating system.

Apparently, this flaw was discovered by a member of Google’s Project Zero team named Gal Beniamini, and after pointing it out, Apple has addressed this newly discovered vulnerability by correcting the data input validation.

The iOS 10.3 was released on March 28, and the update had patches for over 70 vulnerabilities. Out of those 70 flaws, at least 18 could have been used for executing codes remotely. Also, a beta iOS 10.3.2 version was released last week to the public for their users to test.

The details of the vulnerability were published by Gal Beniamini, and apparently, the problem was in the firmware of the wireless chip. It’s been discovered that the firmware doesn’t have some of the necessary security features, like safe unlinking, stack cookies, access permission protection and other similar features that were supposed to be built into the chip’s hardware.

Further analysis of the chip’s firmware and the ways of its interaction with the hardware allowed Beniamini to write a successful exploit. This exploit allowed him to overflow the stack buffer, and therefore overwrite the device’s memory, which in turn lead to the execution of the arbitrary code, and all of this was done through the wireless interface. And, since the Broadcom’s wireless SoCs are being used by Android device as well, he managed to use his concept code to exploit the similar flaw on a Google Nexus 6P.

Beniamini has stated that Broadcom has been extremely helpful and responsive in both, fixing these vulnerabilities and also at making the fixes available for all of the affected vendors as well. He also said that he’ll continue with his explorations in order to discover how to gain control of the Wi-Fi SoC and therefore take over the device’s operating system through wireless methods.

Ali Raza
Ali Raza
Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.

More from author

Samsung Galaxy J7 Review

You need a new Android mobile phone. Like most of us, you'd prefer the latest top-of-the-line S-series handset from Samsung. But maybe it's not the cards financially. So, you're looking at more affordable alternatives, and your search has brought you to this Samsung Galaxy J7 review.
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Related posts

Advertisment

Latest posts

7 Best Work from Home Apps for Moms

Being a mom is a job in itself. Between taking care of the kids, keeping up with household chores, and trying to squeeze in...

Top 9 Ways Technology is Helping Global Trade

If you are in a global business, utilizing technology is a surefire way of growing your business and increasing your customer base. Today, you...

7 Ways Technology Is Going To Transform Lead Generation

 In the ever-growing world of digital marketing, the ability to generate quality leads remains the most important ROI driver. Both inbound and outbound lead...