Apple’s newest security update has just begun to roll out to iPhones, iPads and iPods worldwide. And this is an important one indeed, because it fixed a big security flaw in the Broadcom Wi-Fi chips used in recent iPhone models.
While Apple reveals little when the security update shows up as a notifications badge on your Settings app, the security flaw is a big one and could let attackers within Wi-Fi range inject and run all sorts over code on your smartphone.
The security flaw was pointed out by Google Project Zero security pro Gal Beniamini. Beniamini in his detailed blog post, pointed out how it mainly impacts the iPhone 5 and newer models and even messes up Google Nexus devices; including some Samsung Galaxy models as well. The flaw is to do with Broadcom’s Wi-Fi SoC that is used in large number of mobile devices today, so there’s really no telling how widespread this issue really is.
Beniamini’s research hints that it is indeed Broadcom’s WiFi SoC commenting that the chip “lacks basic exploit mitigations, such as stack cookies, safe unlinking,” and also doesn’t use the available memory protection features.
For Apple’s iOS users, it’s just another quick fix that comes on time for all Apple devices. Google too released its Android update last week, but there’s really no telling how many have received or downloaded the patch thanks to interference from manufactureres and their custom software modifications.
Apple on its support page states that the update is available for iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later.
Oddly the update is also said to re-enabled some iCloud settings and features that were by default disabled. Apple told Tom’s Hardware that only a small number of iCloud users were impacted and that Apple will be sending across emails to all affected customers to make them aware of the issue. Apple also said that the change in iCloud settings was a problem that affected its users on iOS 10.3 and that the issue was fixed in iOS 10.3.1, which is the newest update.