Most iPhones, iPads, and iPods contain Wi-Fi chips made by Broadcom (although some contain Intel chips). The chips with model numbers BCM4354, BCM4358, and BCM4359 all have a vulnerability that allows a nearby attacker to take control of the affected device completely in the background.
SEE: iCloud Keychain encryption bug exposes iOS passwords, credit card numbers (TechRepublic) Must Read:How to clear iPad history ?
A user with a Broadpwned device won't even know they're affected, yet all the while the attacker can inject code, steal data, and completely control the device.
Broadpwn is serious enough for the National Institute of Standards and Technology to rate it a 9.8 on a threat scale that goes up to 10. In short, you don't want to fall prey to this hack.
Updates? Not all iPhones
Apple has used Broadcom chips in every generation of its iOS devices. Nitay Artenstein, the analyst who discovered the bug, says it affects all Broadcom BCM43xx chips. Older iPhones that aren't getting the 10.3.3 update still contain BCM43xx chips, raising concerns that they could be vulnerable as well.
Apple hasn't stated whether iOS devices older than the iPhone 5, iPad 4, and iPod 6 will get the update. If you're using one of those devices it's a good time to consider replacing it—hardware that's past the end of its support life might still work just fine but it's a ticking time bomb of vulnerabilities.
Android fragmentation means that there are potentially millions of unpatched devices being used. Users may largely be unaware of the flaw, and those who are aware likely don't know when they'll receive an OEM-certified update.
In the meantime it's not a bad idea to turn off Wi-Fi on your Android device until you can be sure you received the update.
No comments:
Post a Comment