The iOS 10.3.3 software update for iPhone, iPad and iPod touch which Apple released on Wednesday has patched a serious exploit that targeted open Wi-Fi signals.

According to CNET, Broadcom’s BCM43xx family of Wi-Fi chipsets contain a damaging exploit where an attacker could take over a device remotely if it was searching for a Wi-Fi signal.

If your iOS device has its Wi-Fi turned on, this attack allows nefarious users in range of your device to find it, remotely take over its Wi-Fi chip and crash your phone. The attack doesn’t need your device’s passcode to exploit the weakness.

The affected Broadcom BCM43xx chips are used in every iPhone and iPad from iPhone 5 and fourth-generation iPad onward. The sixth-generation iPod touch is prone to this exploit as well.

Upgrading to iOS 10.3.3 protects your devices from this particular attack.

Listing it as a critical security flaw, Apple’s security document describes it as follows:

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

Called “Broadpwn” exploit, it affects a bunch of other devices that use the aforesaid Broadcom chipsets, including HTC, LG and Samsung smartphones. Google patched this exploit in Android devices on July 5. On the US’s National Institute of Standards and Technology severity scale, “Broadpwn” scored a 9.8 out of 10.

  • Great Move by apple !!

  • :D

    I wonder if someone can release a jailbreak patch for older firmwares

    • White Michael Jackson

      I am hoping this happens cause i am on ios 9

  • Jake1047s

    I wonder if this has been fixed in the iOS 11 betas and if it hasn’t is there a way to send info to the bootrom from this so that we can gain control of iOS 11 and then hold on to any bugs we have until after iOS 11 comes out. Like we could use this to take over a phone, crash it, run a program that allows us to find vulns. at the boot level and then we can save them until after iOS 11 is out. When the 3ds bootrom was finally cracked open they found a really simple hardware solution that allows for anyone to write to the NAND via the cartraige slot by holding a combination of buttons and closing the lid. So I wonder if we can use this to do something similar.