Google Releases Patch for Broadpwn Vulnerability in Android
July 8, 2017
Shah Sheikh (1294 articles)
Share

Google Releases Patch for Broadpwn Vulnerability in Android

Millions of Android phones are at risk of being remotely hacked due to a security flaw called Broadpwn.

Broadpwn is linked to a flaw in Broadcom WiFi chips and also affects iOS devices.

Google has issued out a patch to fix the critical bug, as well as other vulnerabilities in its July monthly security update.

Broadpwn is a critical remote execution flaw found in Broadcom’s BCM43xx family of WiFi chipsets, which allows hackers to remotely execute malicious code on targeted devices without user interaction.

Google described Broadpwn as “the most severe” of the issues it patched this month, adding that the bug “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” Google also said that it had “no reports” of any of the vulnerabilities that it patched having been used in attacks.

There’s not much information about how Broadpwn functions. However, according to Sophos security researcher Paul Ducklin,

“a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device and end up with the same programmatic powers as the Android operating system on your device.”

Apart from Broadpwn, Google also issued fixes for 10 other critical remote code execution flaws, as well as 94 high and 32 moderate rated vulnerabilities.

Given the nature of the flaws Google fixed, it is essential that users patch their devices.

Source | ibt times