Apple has updated iOS 10 to fix 47 security flaws, including one that can be used to hack iPhones and iPads within Wi-Fi range.
It's hard to hack iOS without relying on user interaction, but it can still be done by attacking a softer target: the Wi-Fi chip in most iOS devices, as well as Android mobiles.
Apple's latest iOS update, version 10.3.3, addresses yet another critical bug in the Broadcom43xx Wi-Fi chipset on the iPhone.
The vulnerability, known as 'Broadpwn' (CVE-2017-9417), was discovered by researcher Nitay Artenstein of Exodus Intelligence. He'll detail his hack at the Black Hat conference in August and explain how to move from controlling the chip to hacking the main OS.
Google patched the same issue in its July Android update, which according to Artenstein also affects devices from LG, Google's Nexus phones, and nearly all Samsung flagships.
Google's Project Zero researchers, who have also investigated the chipset, believe hackers are likely to target it as an easier entry point than flaws in the better defended OS or apps.
Apple patched a similar Broadcom Wi-Fi bug found by Project Zero in iOS 10.3.1 this April.
Apple says the latest memory corruption exploit allows an attacker within Wi-Fi range to execute attack code on the Wi-Fi chip.
The iPhone maker fixed 46 other flaws in its latest update, including a handful of bugs in the iOS kernel, Safari, and its WebKit browser engine.
Apple's macOS update fixes 37 bugs and 25 bugs in Safari for macOS.
Feature-wise, iOS 10.3.3 offers little, and it may be one of the final updates before iOS 11's arrival in fall.
READ MORE ABOUT iOS
- Apple releases iOS 10.2.1 with bug fixes
- iPhone lock: Did hackers drive Apple to kill iCloud activation checker?
- Apple's big iPhone payoff? It's on track to top $1 trillion from iOS by mid-year
- Apple releases iOS 10.3.3
- The Cloud? Apple's iOS can't handle the Cloud
- How to downgrade from the iOS 11 beta back to iOS 10 (TechRepublic)
- iOS 11: All the new features, tips and guides (CNET)