Broadpwn Vulnerability Affects Android and iOS
Security researcher Nitay Artenstein discovered a vulnerability, CVE-2017-9417, in Broadcom's BCM43xx family of WiFi chips, dubbed "Broadpwn," affecting Android and iOS devices. Successful exploitation of this vulnerability could allow a remote threat actor to execute code on the affected device without user interaction. Details of this vulnerability are scant, though it reportedly affects millions of Android and iOS devices from several vendors, including Google (Nexus), HTC, LG, and Samsung. Artenstein is scheduled to present the details of the vulnerability at this year's Black Hat USA security conference in Las Vegas on July 27. Android patched this vulnerability in its July 5th update; information on iOS devices is unavailable as of this post. The NJCCIC recommends all Android and iOS device users apply the most current OS release to their device, only connect to trusted networks, and disable any WiFi auto-connect features.