This site may earn affiliate commissions from the links on this page. Terms of utilise.

iPhone malware

There's a new iOS update out, x.three.3, and if you use Wi-Fi on your iPhone and are still running OS X, you'll want to grab information technology immediately. There are a number of other security patches and bug fixes inside this version of the Bone. But the Wi-Fi problem is grabbing the nigh attending, on business relationship that it allows a remote attacker to proceeds full access to your smartphone, rather than requiring local access or for users to take a detail action (like unpacking a malicious file).

A full list of bug fixes and security improvements in iOS 10.three.3 is available hither, though the Wi-Fi announcement is near the lesser of the page:

Wi-Fi

Available for: iPhone five and later, iPad 4th generation and afterwards, and iPod touch 6th generation
Impact: An attacker inside range may be able to execute arbitrary code on the Wi-Fi chip
Clarification: A retentiveness abuse issue was addressed with improved retentiveness handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence.(Emphasis original)

This attack is the iOS version of Broadpwn, which Google patched a critical update dorsum on July 5, CNET reports. This assail has been given a score of 9.8/x on the National Institute of Standards and Technology alphabetize. It'southward considered dangerous if you use open Wi-Fi systems, because information technology gives the attacker the ability to remotely execute code on your device without having your PIN or password.

The attack strikes at weaknesses in the Broadcom BCM43xx family of products, which iPhones accept used in every device from the iPhone five to the iPhone 7. One thing nosotros do know about this exploit is that it apparently allows the assaulter to take full control of the CPU via the Wi-Fi connection.

Broadcom-43xx

Click to enlarge. Image by iFixit. Information technology is not clear if users with older devices (iPhone 4, 4s, etc) are affected on older operating systems.

This isn't the only bug that iOS 10.3.3 fixes, not past a long shot. Multiple WebKit problems are resolved, including some that immune arbitrary code execution, address bar spoofing, and for the exfiltration of data without the user'due south knowledge. Several retention corruption bug accept also been resolved, and applications are no longer allowed to read restricted memory (apparently a problems allowed this for some period of time). Apple tree also refers to fixes that prevent apps from executing arbitrary code with system or kernel privileges.

The human who found the Wi-Fi bug, Nitay Artenstein, will be giving a report on information technology at Black Chapeau on July 27. Affected devices include the iPhone 5 through iPhone 7 (and all variants in between if running iOS 10), the 4th generation iPad and later on versions, and the 6th generation iPod touch. Immediate upgrades are strongly recommended.