Apple patches critical Broadpwn vulnerability in its various OSes

Apple has released security updates for iOS, macOS (Sierra, El Capitan, and Yosemite), Safari, iCloud, iTunes, watchOS and tvOS.

As per usual, the same fixed Webkit flaws abound in all of the updates, as it is the web browser engine used by Safari, App Store, and many other applications.

Among the other plugged holes a few stand out, for various reasons:

• Among the WebKit flaws, there’s one disclosed to Apple by the UK’s National Cyber Security Centre, which is part of the Government Communications Headquarters (GCHQ), UK’s intelligence service equivalent to the US NSA.
• A few flaws in the libarchive and libxml2 open source software libraries were discovered by Google, through its OSS-Fuzz project
• A bucketload of kernel flaws.

Finally, Apple has shipped a patch for a critical flaw in some Broadcom Wi-Fi chipsets, which could be exploited by attackers to execute arbitrary code on the Wi-Fi chip included in vulnerable macOS, iOS, watchOS and tvOS devices.

The vulnerability (CVE-2017–9417), dubbed Broadpwn, was flagged by Nitay Artenstein of Exodus Intelligence, and he will tell the story of how he discovered it and exploited it a week from now at BlackHat USA 2017.

The exploit does not require user interaction to work, but the attacker must be within range of the target device.

“Besides Apple, those chipsets are present on most smartphone devices like HTC, LG, Nexus and most Samsumg models as well. Make sure to have this vulnerability fixed in all your devices — especially if you are planning to be in Las Vegas next week,” noted Renato Marinho, Chief Research Officer at Morphus Labs.

Google has patched the Broadpwn vulnerability in its July 2017 Android security update.