Apple fixes wireless-based remote code execution flaw in iOS<article>
<section class="page">
<p>Apple released an <a href="
http://www.macworld.com/article/3187057/ios/ios-10-3-1-update-is-now-available.html" target="_blank">iOS update Monday[/url] to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.</p><p>The vulnerability is a stack buffer overflow in the feature that handles authentication responses for the fast BSS transition feature of the 802.11r protocol, also known as fast roaming. This feature allows devices to move easily and securely between different wireless base stations in the same domain.</p><p>Hackers can exploit the flaw to execute code in the context of the Wi-Fi chip's firmware if they're within the wireless range of the targeted devices.</p><p class="jumpTag"><a href="/article/3187378/security/apple-fixes-wireless-based-remote-code-execution-flaw-in-ios.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
Apple fixes wireless-based remote code execution flaw in iOS
