A Proof-of-Concept Exploit for iPhone Wi-Fi Published by Google
Google's Project Zero has published a proof-of-concept exploit, together with details, for a vulnerability in the Broadcom Wi-Fi chipsets used in iPhones running iOS 10.3.3 and earlier. The bug lives in the Wi-Fi chip's firmware rather than in iOS itself.
Tracked as CVE-2017-11120, it is a memory-corruption bug in that firmware. To reach it, an attacker needs only the target iPhone's MAC address or network-port ID.
Here is what we know from the bug report:
“Attaching exploit for this issue. The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The password for the archive is “rrm_exploit”. The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 (14C92), but should work on all versions of iOS up to 10.3.3 (included). However, some symbols might need to be adjusted for different versions of iOS, see “exploit/symbols.py” for more information.”
Gal Beniamini, who found this bug, had already found a similar one in Broadcom's Wi-Fi SoC back in April. The affected devices are those running iOS 10.2 through 10.3.3 on the Broadcom BCM4355C0 Wi-Fi chip.
To demonstrate the impact, Beniamini's exploit plants a backdoor in the firmware. “Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip),” he explained.
Apple fixed the vulnerability in the security update shipped with the iOS 11 release. Owners of affected devices should therefore upgrade to iOS 11.