Security Alert: Why You Should Update to iOS 11 Now
Apple has provided plenty of reasons for you to update your iPhone to iOS 11, but the latest reason — a security flaw in iOS 10 and earlier — came from Google.
The flaw, which Apple fixed with the major iOS update released on Sept. 19, allows remote access to the Wi-Fi chip in Apple's smartphones, as well as in other devices.
Credit: Tom's Guide
The report, published to Google's Chromium developer site by Google Project Zero team member Gal Beniamini, explains that an iPhone 7 connected to Wi-Fi can be hacked into if the attacker knows nothing more than the phone's MAC address, or network-port ID.
Once that unique identifier is found (and every device connected to a Wi-Fi network broadcasts its MAC address), a laptop can easily jack into the device by running the proof-of-concept exploit software that Beniamini created to demonstrate the danger of this vulnerability.
Beniamini privately posted his notes on the vulnerability in Google's Chromium bug-reporting system back on Aug, 23 and informed Broadcom, maker of the Wi-Fi chip in question. Beniamini's reports were made public today (Sept. 26), a week after iOS 11 came out. Apple's security documentation for iOS 11 lists that it killed this bug, which it refers to by the Common Vulnerability code CVE-2017-11120.
For upgrade instructions, including how to prepare yourself for iOS 11, check out our guide. Beniamini notes that this specific bug is rooted in the Broadcom Wi-Fi chips found in the iPhone 7 and any devices with those chips that run the firmware version BCM4355C0. That includes a plethora of other devices, including Android handsets, the Apple TV and smart TVs.
While Apple updated tvOS for this flaw (open Settings, select System, select Software Updates and select Update Software), it appears that Google has issued only updates to its Nexus and Pixel devices. Other Android handset manufacturers, as usual, will push out the updates on their own schedule.
Because users can't check which version of the Broadcom firmware is running on their machines, we recommend that all iPhone owners patch their devices to iOS 11. As an iPhone 6 owner, I can report that my device may have slowed down a hair, but it is still usable.
If Broadcom chip-related security sounds familiar, this flaw is a sibling of a different Broadcom flaw Beniamini disclosed in April. It's also similar to BroadPwn, a flaw that affects Android and iOS devices and was disclosed by a different Israeli reseacher, Nitay Artenstein, earlier this summer. All three flaws permit remote takeover of smartphones over local Wi-Fi connections.