ITP Sites:   ITP Site|TechBlog|TechHub in schools|NZ CloudCode|All Tech Events|Software Escrow NZ

ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Home

Broadcom vulnerability needs urgent patching

Paul Brislen, Editor. 06 April 2017, 8:29 am

Vendors are scrambling to deliver patches for a remote-code execution vulnerability in Broadcom's wifi stack.

The security flaw is particularly worrying for Apple which uses Broadcom kit in its various iOS devices. Apple has already deployed a patch and users are encouraged to make haste with upgrading it.

Android users shouldn't be too smug either - many of the smartphones using Google's OS are also vulnerable to attack. The effect devices include the Nexus 5, 6 and 6P, most Samsung flagship devices, all iPhones since the iPhone 4 and newer iPods and iPads.

Google's Project Zero attempts to get ahead of these kinds of security vulnerabilities before they become a public issue and spokesperson Gal Beniamini describes Broadcom's firmware as lagging behind "in terms of security. Specifically, it lacks all basic exploit mitigations - including stack cookies, safe unlinking and access permission protection."

Broadcom has been working with the Project Zero team to deliver a solution before the vulnerability is exploited.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio