Apple Updates iOS to Patch Wi-Fi Vulnerability
4.4.2017 securityweek iOS
Apple has released an emergency security update for its iOS operating system to address a serious vulnerability affecting the Wi-Fi component.
According to the tech giant, the flaw is a stack-based buffer overflow that allows an attacker who is within range to execute arbitrary code on the Wi-Fi chip.
The security hole, tracked as CVE-2017-6975, has been addressed with the release of iOS 10.3.1 through improved input validation, Apple said. The update is available for iPhone 5 and later, iPod touch 6th generation and later, and iPad 4th generation and later.
9to5 Mac reported that while iOS 10.3 dropped support for 32-bit devices, the latest update reintroduces support for these systems.
The vulnerability was identified and reported by Gal Beniamini of Google Project Zero, which typically discloses the details of flaws found by its researchers after 90 days.
In a security advisory submitted to the Full Disclosure mailing list, Apple advised users to install the update immediately if possible, and pointed out that the update is only available through iTunes and the Software Update utility on the iOS device; the update will not show up on the Apple Downloads website or in the computer's Software Update application.
iOS 10.3.1 was released just one week after Apple announced the general availability of iOS 10.3, which brings many new features and patches for nearly 90 vulnerabilities. Roughly 30 of these security holes were reported to Apple by Google Project Zero researchers.