iOS用Wifi者, 必需立即取安全更新- 严重程度 9.8/10 [轉...

jgyjgw · 發表於 2017-7-24 04:43:35

本帖最後由 jgyjgw 於 2017-7-24 04:47 編輯

如你 iOS 用 Wifi, 必需立即取security update安全更新 10.3.3 -- Broadpwn 严重程度 9.8/10， [轉載,英文] - 待板主大佬翻译吧?

If you use Wi-Fi on your iOS device, get this security update -- Apple released the update on Wednesday to stop an exploit that targeted open Wi-Fi signals

BY ALFRED NG JULY 19, 2017 1:06 PM PDT
https://www.cnet.com/news/apple- ... -ios-hack-broadpwn/

Apple released a security patch on Wednesday that you should really consider updating to if you enjoy using Wi-Fi on your iOS devices.

So, you know, just about everybody should update.

The iOS 10.3.3 update addresses vulnerabilities with your Contacts, Messages, Notifications, Safari and other issues. One of the more potentially damaging exploits was hidden in the iPhone's Wi-Fi chipset, where an attacker could take over a device remotely if it was searching for a signal.

Hackers are constantly looking for vulnerabilities in systems, and outdated devices make for an easy target. Just look at how many old computers the WannaCry ransomware attack was able to take advantage of. Companies like Microsoft, Google and Apple can release updates to fix their flaws, but it doesn't matter if people aren't downloading them.

For this Wi-Fi-based attack, you'll want to upgrade. If your iOS device has its Wi-Fi turned on, attackers in range could find your device, remotely take over its Wi-Fi chip and crash your phone.

This is the Broadpwn exploit, which Google patched for Android devices on July 5, listing it as a critical security flaw. It affected a broad range of devices from companies like HTC, LG and Samsung. The attack doesn't need your device's PIN or password to exploit the weakness.

On the US's National Institute of Standards and Technology severity scale, Broadpwn scored a 9.8 out of 10.

Apple said the vulnerability it patched affected the iPhone 5 to iPhone 7, the fourth-generation iPad and later versions, and the iPod Touch 6th generation.

Nitay Artenstein, a security researcher at Exodus Intelligence, discovered the exploit and will be providing more details about his findings at a Black Hat presentation in Las Vegas on July 27.

jgyjgw · 發表於 2017-7-24 04:49:58

iPhone, iPad owners: Update now to block 'Broadpwn' Wi-Fi hack
http://www.zdnet.com/article/iph ... roadpwn-wi-fi-hack/
Apple has used an update to iOS 10 to fix a potentially dangerous Wi-Fi bug affecting most of its hardware.
By Liam Tung | July 20, 2017 -- 09:38 GMT (02:38 PDT) | Topic: Security

Apple has updated iOS 10 to fix 47 security flaws, including one that can be used to hack iPhones and iPads within Wi-Fi range.
It's hard to hack iOS without relying on user interaction, but it can still be done by attacking a softer target: the Wi-Fi chip in most iOS devices, as well as Android mobiles.

Apple's latest iOS update, version 10.3.3, addresses yet another critical bug in the Broadcom43xx Wi-Fi chipset on the iPhone.

The vulnerability, known as 'Broadpwn' (CVE-2017-9417), was discovered by researcher Nitay Artenstein of Exodus Intelligence. He'll detail his hack at the Black Hat conference in August and explain how to move from controlling the chip to hacking the main OS.

Google patched the same issue in its July Android update, which according to Artenstein also affects devices from LG, Google's Nexus phones, and nearly all Samsung flagships.

Google's Project Zero researchers, who have also investigated the chipset, believe hackers are likely to target it as an easier entry point than flaws in the better defended OS or apps.

Apple patched a similar Broadcom Wi-Fi bug found by Project Zero in iOS 10.3.1 this April.

Apple says the latest memory corruption exploit allows an attacker within Wi-Fi range to execute attack code on the Wi-Fi chip.

The iPhone maker fixed 46 other flaws in its latest update, including a handful of bugs in the iOS kernel, Safari, and its WebKit browser engine.

The Broadpwn bug also affects Mac hardware, Apple TV, and Apple Watch. Apple fixed the issue for Macs in the macOS Sierra 10.12.6 update, and updates for TVos, and watchOS.

Apple's macOS update fixes 37 bugs and 25 bugs in Safari for macOS.

Feature-wise, iOS 10.3.3 offers little, and it may be one of the final updates before iOS 11's arrival in fall.

artlo · 發表於 2017-7-24 04:59:48

Thank you for sharing, I am not an apple fans.

HKOXSEX · 發表於 2017-7-24 06:32:54

Shutdown wifi connection when you don't need to use it.

PKIP11 · 發表於 2017-7-24 07:45:01

An important update indeed for Apple users

rabbit2000 · 發表於 2017-7-24 07:47:35

Apple fans be careful

bucchara · 發表於 2017-7-24 09:18:12

提示: 作者被禁止或刪除內容自動屏蔽

callgirls · 發表於 2017-7-24 21:56:56

又是駭客攻擊事件

beckham3 · 發表於 2017-7-25 16:13:27

回復 jgyjgw #1 的帖子

Adnroid未有fix喎?

浩科 · 發表於 2017-7-25 22:36:21

Apple fans be careful

jgyjgw · 發表於 2017-7-26 00:22:36

beckham3 發表於 2017-7-25 16:13
回復 jgyjgw #1 的帖子

Adnroid未有fix喎?

https://source.android.com/security/bulletin/2017-07-01

Android Security Bulletin—July 2017

Published July 5, 2017 | Updated July 6, 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of July 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level.

Partners were notified of the issues described in the bulletin at least a month ago. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

We encourage all customers to accept these updates to their devices.