Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

iOS 10.3.3 Patches High-Profile BroadPwn Flaw

The ThreatPost blog has called out the fact that Apple’s recently released iOS 10.3.3 patches a high-profile flaw known as BroadPwn. The BroadPwn vulnerability, which affects Broadcom’s BCM43xx family of Wi-Fi chips, allows an attacker within Wi-Fi range to execute code on the Wi-Fi chips of affected devices. Exactly what an attacker could do from that point remains unknown, but said code would be running underneath the operating system.

(Everything we’ve seen talks about BroadPwn only in the context of iOS and Android, but Apple’s recent operating system updates all say that they fix the same bug, and Apple uses the affected Broadcom BCM43xx Wi-Fi chips across all of its hardware lines. So it seems likely that all of Apple’s platforms are vulnerable unless they are running the latest versions of their operating systems (see “Apple Releases macOS 10.12.6, iOS 10.3.3, watchOS 3.2.3, and tvOS 10.2.2,” 19 July 2017). However, the security update for OS X 10.11.6 El Capitan and 10.10.5 Yosemite does not reference the BroadPwn bug.)

The practical upshot of this is that you should update to iOS 10.3.3 soon. Most security vulnerabilities are either limited in what they can do or how attackers can use them, but our security editor, Rich Mogull, said that BroadPwn looks to be one of the worst vulnerabilities he has seen in a while. So hey, just go to Settings > General > Software Update and update your iOS 10 devices right now.

What counts as an affected device? According to Nitay Artenstein, the Exodus Intelligence researcher who discovered BroadPwn, the vulnerability “is found in an extraordinarily wide range of mobile devices — from various iPhone models to HTC, LG, Nexus, and practically the full range of Samsung flagship devices.” Artenstein will be presenting a session on BroadPwn at the Black Hat USA 2017 Conference.

In its security notes about iOS 10.3.3, Apple says that the update patches the flaw on the iPhone 5 and newer, the fourth-generation iPad and newer, and the sixth-generation iPod touch. But that’s just because those are the only devices that can run iOS 10.

Older devices remain problematic. For instance, the iPhone 4 and iPhone 4S, among others, also use vulnerable Broadcom Wi-Fi chips, and because they can’t run iOS 10.3.3, they are likely vulnerable to BroadPwn.

As far as I can remember, Apple has never released a security update to a previous version of iOS. Unfortunately, since about 8 percent of iOS devices are still running an earlier version and there are well over 1 billion iOS devices in active use, that policy puts millions of people at risk. We’d like to see Apple follow the same policy it has with macOS, where two previous versions of the operating system receive security updates. We don’t know why Apple didn’t address BroadPwn for Yosemite and El Capitan; perhaps there’s other some reason they aren’t vulnerable.

Of course, risk is relative. Most people with everyday data on their devices have little to worry about, particularly with BroadPwn, which requires an attacker to be within Wi-Fi range. However, if you use an older, BroadPwn-vulnerable iOS (or Android) device to communicate about sensitive government, corporate, or medical topics, now would be a good time to switch to a newer device.


Backblaze is unlimited, unthrottled backup for Macs at $5/month.
Web access to files means your data is always available. Restore
by Mail allows you to recover files via a hard drive or USB.
Start your 15-day trial today! <>

Comments about iOS 10.3.3 Patches High-Profile BroadPwn Flaw
(Comments are closed.)

Brian Caswell  2017-07-21 18:34
Is there any protection by switching off wifi when out and about?
Adam Engst  An apple icon for a TidBITS Staffer 2017-07-22 18:36
Probably, but honestly, I can't say for sure.
Dennis B. Swaney  2017-07-22 13:47
So iPhone 6 and above don't use the affected chip? Ditto the iPad Mini 3 and above? AFAIK, those also run iOS 10.
Adam Engst  An apple icon for a TidBITS Staffer 2017-07-22 18:26
"the iPhone 5 and newer, the fourth-generation iPad and newer, and the sixth-generation iPod touch"

That includes everything after the specified devices, including the iPhone 6, iPad Pro, etc.
Dennis B. Swaney  2017-07-23 13:26
Thanks, Adam.
Hi Adam. -- Does having a password-protected wi-fi signal prevent hackers from causing trouble?
Adam Engst  An apple icon for a TidBITS Staffer 2017-07-24 18:56
I think that would be unrelated, since the attack is direct at the Wi-Fi chip in the device, not a network that you're connecting to.
Ok, thanks Adam. -- I was afraid that was going to be your response, but thanks for the answer.
Hank Roberts  2017-07-25 11:46
I am so sick of junking Apple hardware that can't be fixed.
I still have a working Mac built in Fremont during the "zero defects" era. I guess Henry Ford would say they spent too much money building those since they never seemed to fail.
David Redfearn  An apple icon for a TidBITS Supporter 2017-07-27 13:15
Anyone know if this has also been fixed in the latest iOS 11 beta? I would assume it has.

Answer to the question "why... ?" is: because it's no longer Apple. It's F..Aplle.
It's very frustrating to see that this company is not much different from Micro... .