nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Drive-by Wi-Fi i-Thing attack, oh my!

Don't skip this update

By Richard Chirgwin, 3 Apr 2017

Apple hasn’t provided much detail, but you don’t want to ignore the latest iOS release – 10.3.1 – because it plugs a very nasty Wi-Fi vulnerability.

Cupertino has rushed out the emergency patch because: “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip” – meaning, presumably, that malicious packets gave attackers a vector.

The fix for the bug, which Apple attributes to Gal Beniamini of Google’s Project Zero, was a buffer overflow fixed by better input validation.

The bug affected iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later.

The release of 10.3.1 comes just a week after Apple released 10.3.

9to5Mac notes that while 10.3 left older 32-bit devices off the list, 10.3.1 includes them – indicating how serious Apple views the bug. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing