Broadcom vulnerability needs urgent patching
Vendors are scrambling to deliver patches for a remote-code execution vulnerability in Broadcom's wifi stack.
The security flaw is particularly worrying for Apple which uses Broadcom kit in its various iOS devices. Apple has already deployed a patch and users are encouraged to make haste with upgrading it.
Android users shouldn't be too smug either - many of the smartphones using Google's OS are also vulnerable to attack. The effect devices include the Nexus 5, 6 and 6P, most Samsung flagship devices, all iPhones since the iPhone 4 and newer iPods and iPads.
Google's Project Zero attempts to get ahead of these kinds of security vulnerabilities before they become a public issue and spokesperson Gal Beniamini describes Broadcom's firmware as lagging behind "in terms of security. Specifically, it lacks all basic exploit mitigations - including stack cookies, safe unlinking and access permission protection."
Broadcom has been working with the Project Zero team to deliver a solution before the vulnerability is exploited.
You must be logged in in order to post comments. Log In