Last week, Apple released iOS 10.3, an important release of the popular operating system the fixed more than 100 bugs and implements security improvements.
Apple opted to push an emergency patch update (iOS 10.3.1 version), that fixed some critical vulnerabilities, including one tracked as CVE-2017-6975. The flaw could be exploited by attackers within range to “execute arbitrary code on the Wi-Fi chip.”
The flaw was first discovered by the expert Gal Beniamini from the Google’s Project Zero team, the expert and his team did not disclose technical details on the flaw.
“Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero” reads the security note published by Apple for the iOS 10.3.1 release.
The CVE-2017-6975 affects iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
iPhone 5S was not affected because it is the first model based on a 64-bit processor.
Today Beniamini will publish a detailed technical analysis of the issue, including a detailed description of the attack scenario.The iOS 10.3.1 update can be downloaded via Settings → General → Software Update on your iOS device.
Apple users already running the iOS 10.3 can download and install the iOS 10.3.1 release simply pressing on the “Download and Install” button to install the update.
If you are the owner of an Apple iPhone, iPad and iPod Touch you must update your device as soon as possible.
(Security Affairs – Apple, iOS 10.3.1 )