Google and Apple release emergency patches to fix Wi-Fi exploit in iPhone 7 and Galaxy S7 Edge
Google warns that Apple’s iPhone 7 and Samsung’s Galaxy S7 Edge, as well as any smartphone that integrates Broadcom Wi-Fi chips may be exposed to a security vulnerability that enables hackers to remotely hijack the device.
Gal Beniamini, a Google Project Zero security team member, claims that “the exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 (14C92), but should work on all versions of iOS up to 10.3.3.” The security specialist further explains that “upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip.” Google estimates that the exploit could affect over a billion devices. This also includes smart TVs that come pre-installed with Android OS.
A patch for Android 8.0 Oreo that fixes this issue, along with the BlueBorne vulnerability, was released by Google on September 5. Apple also claims that this issue is fixed in the latest iOS 11 and tvOS builds released last week. Even though the emergency patches are out, it may be awhile before all affected devices get patched.