• Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

Apple's scariest bug this week: Your device pwned over Wi-Fi

  • Thread starter
  • Admin
  • #1

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
The iMessage vulnerability got a lot of attention, but another bug allows for remote execution over Wi-Fi, which is a much bigger threat.

Apple released new versions of several operating system products earlier this week, fixing vulnerabilities in OS X El Capitan and iOS 9 among others.

Because encryption and Apple are big news these days, the attention mostly went to an admittedly interesting flaw in Apple's encryption for iMessage, reported by a research team, led by well-known cryptographer Matthew Green.
But the bug is not an easy one to exploit and doesn't even expose a lot.

There are much scarier vulnerabilities in this week's disclosures.
Perhaps at the top of the list are CVE-2016-0801 and CVE-2016-0802, attributed to an anonymous researcher. Through this bug "an attacker with a privileged network position may be able to execute arbitrary code."

In fact, the bug is in a Broadcom Wi-Fi driver as described on source.android.com in the fix it issued on February 1:

Multiple remote execution vulnerabilities in the Broadcom Wi-Fi driver could allow a remote attacker to use specially crafted wireless control message packets to corrupt kernel memory in a way that leads to remote code execution in the context of the kernel.
These vulnerabilities can be triggered when the attacker and the victim are associated with the same network.
This issue is rated as a Critical severity due to the possibility of remote code execution in the context of the kernel without requiring user interaction.
Now that's scary! You're on a Wi-Fi network, perhaps a public one but not necessarily, maybe even on a VPN, and any other user on that network can cause your computer to execute kernel-level code.
It doesn't get much more vulnerable than that.
Patch... Right... Now.

We wrote about the Android fix at the time.
That means for almost 7 weeks this bug was disclosed and vulnerable in iOS, OS X, tvOS and WatchOS, not to mention who knows how many other companies' products.
The Android disclosure comes with helpful links to the source code fixes, perhaps making things easier for attackers.

And remember, these bugs were disclosed by the Android Project along with fixes for Google's Nexus devices.
What about other devices where the fixes are issued by carriers?
I see no fixes since then for my AT&T Samsung Galaxy S4.

The best advice I can give you, as I would have given you anyway, is to patch quickly.
If patches are not available, then cross your fingers... That's about all you can do.


Source:
http://www.zdnet.com/article/apples-scariest-bug-this-week-pwn-your-device-over-the-wi-fi/
 
Top Bottom