Broadcom wifi chipset critical vulnerability
According to the latest security updates released by Google for Android devices, a serious bug dubbed as BroadPwn that affected Broadcom Wi-Fi chipsets found in millions of android devices and certain IPhone models. BroadPwn is a critical remote code execution vulnerability residing in all of Broadcom’s BCM43xx family of Wi-Fi Chipsets that enables an attacker to run malicious code remotely with kernel privileges. “The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process,” Google describes in the July 2017 Android Security Bulletin.
The vulnerability discovered by researcher Nitay Artenstein from Exodus Intelligence was given CVE-2017-3544 and he will present his findings in BlackHat 2017. “The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models to HTC, LG, Nexus and practically the full range of Samsung flagship devices,” the abstract for Artenstein’s talk says.
In addition, the monthly security update included patches for 10 critical remote execution bugs, 94 high and 32 moderate rated vulnerabilities.