Last week, Apple released iOS 10.3, an important release of the popular operating system the fixed more than 100 bugs and implements security improvements.
Apple opted to push an emergency patch update (iOS 10.3.1 version), that fixed some critical vulnerabilities, including one tracked as CVE-2017-6975. The flaw could be exploited by attackers within range to “execute arbitrary code on the Wi-Fi chip.”
The flaw was first discovered by the expert Gal Beniamini from the Google’s Project Zero team, the expert and his team did not disclose technical details on the flaw.
“Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero” reads the security note published by Apple for the iOS 10.3.1 release.
The CVE-2017-6975 affects iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
iPhone 5S was not affected because it is the first model based on a 64-bit processor.
Today Beniamini will publish a detailed technical analysis of the issue, including a detailed description of the attack scenario.The iOS 10.3.1 update can be downloaded via Settings → General → Software Update on your iOS device.
Apple users already running the iOS 10.3 can download and install the iOS 10.3.1 release simply pressing on the “Download and Install” button to install the update.
If you are the owner of an Apple iPhone, iPad and iPod Touch you must update your device as soon as possible.
(Security Affairs – Apple, iOS 10.3.1 )
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.