Urgent iOS 10.3 Patch Released By Apple for Over 70 Vulnerabilities
Credit: HeikoAL / Pixabay

An urgent update to Apple’s iOS 10.3 was released only a few days before the official distribution to users around the world. This new version of an iOS operating system for mobile phones was supposed to be released to the iPad and iPhone users around the world when an urgent update was suddenly released.

This rushed update’s purpose was to patch up one single vulnerability that, if left unchecked, could have allowed hackers to infect the Wi-Fi chip with an arbitrary code. This chip is built into the 4th generation of iPad, iPhone 5, the 6th generation of iPod Touch and all later devices as well.

A potential hacker could exploit these vulnerabilities and run the code on any nearby device. This could be done by exploiting a stack buffer overflow in the newest version of this operating system.

Apparently, this flaw was discovered by a member of Google’s Project Zero team named Gal Beniamini, and after pointing it out, Apple has addressed this newly discovered vulnerability by correcting the data input validation.

The iOS 10.3 was released on March 28, and the update had patches for over 70 vulnerabilities. Out of those 70 flaws, at least 18 could have been used for executing codes remotely. Also, a beta iOS 10.3.2 version was released last week to the public for their users to test.

The details of the vulnerability were published by Gal Beniamini, and apparently, the problem was in the firmware of the wireless chip. It’s been discovered that the firmware doesn’t have some of the necessary security features, like safe unlinking, stack cookies, access permission protection and other similar features that were supposed to be built into the chip’s hardware.

Further analysis of the chip’s firmware and the ways of its interaction with the hardware allowed Beniamini to write a successful exploit. This exploit allowed him to overflow the stack buffer, and therefore overwrite the device’s memory, which in turn lead to the execution of the arbitrary code, and all of this was done through the wireless interface. And, since the Broadcom’s wireless SoCs are being used by Android device as well, he managed to use his concept code to exploit the similar flaw on a Google Nexus 6P.

Beniamini has stated that Broadcom has been extremely helpful and responsive in both, fixing these vulnerabilities and also at making the fixes available for all of the affected vendors as well. He also said that he’ll continue with his explorations in order to discover how to gain control of the Wi-Fi SoC and therefore take over the device’s operating system through wireless methods.

16 COMMENTS

  1. 511132 431578I recognize there is a great deal of spam on this website. Do you need to have aid cleaning them up? I may possibly aid in between courses! 113815

  2. of course like your website but you have to test the spelling on several of your posts.
    A number of them are rife with spelling problems and I to find it very troublesome to inform the truth however I’ll certainly come again again.

  3. Había muchas investigaciones relacionadas con el diagnostico de la DE y su tratamiento.

  4. Fantastic goods from you, man. I have keep in mind your stuff previous
    to and you are just extremely wonderful. I really like what you have received right here, certainly like what you are stating and the best way through which you are saying
    it. You make it entertaining and you still care for to keep it sensible.

    I can not wait to read much more from you. That is actually a tremendous site.

  5. I don’t commonly comment but I gotta admit appreciate it for the post on this amazing one : D.

  6. Please let me know if you’re looking for a
    article author for your weblog. You have some really
    good articles and I think I would be a good asset. If you ever want
    to take some of the load off, I’d love to write some content for
    your blog in exchange for a link back to mine. Please
    shoot me an email if interested. Thanks!

  7. 615765 288619Theres noticeably a bundle to locate out about this. I assume you created certain great points in functions also. 543029

  8. hey there and thank you for your information – I’ve certainly picked up anything new from right
    here. I did however expertise a few technical points using this web site, as I experienced to reload
    the site many times previous to I could get it to load correctly.
    I had been wondering if your web hosting
    is OK? Not that I am complaining, but slow loading instances times will
    sometimes affect your placement in google and could damage your high quality
    score if advertising and marketing with Adwords.
    Well I’m adding this RSS to my e-mail and can look out for a
    lot more of your respective intriguing content. Ensure that you update this again very soon.

  9. After I originally left a comment I appear to have
    clicked the -Notify me when new comments are added- checkbox and from now on each time a comment is added I receive 4 emails
    with the exact same comment. Perhaps there is a way you are able to remove me from that service?
    Cheers!

  10. It’s a shame you don’t have a donate button! I’d definitely donate to
    this outstanding blog! I suppose for now i’ll settle for
    book-marking and adding your RSS feed to my Google account.
    I look forward to new updates and will share this blog with my Facebook group.
    Chat soon!

  11. Hi there to every one, the contents existing at this site are truly remarkable for people experience, well, keep up the nice work fellows.

  12. 529254 918972The planet are really secret by having temperate garden which are typically beautiful, rrncluding a jungle that is undoubtedly surely profligate featuring so several systems by way of example the game courses, golf process and in addition private pools. Hotel reviews 897355

LEAVE A REPLY

Please enter your comment!
Please enter your name here