A Wi-Fi chipset used in both Android and Apple devices has been exploited by researchers to upload and execute arbitrary code. An iOS patch has been issued but Android users have been left waiting.
A firmware vulnerability contained in Broadcom wireless chipsets commonly found in iOS and Android devices has been exploited by security researchers, allowing devices to be compromised through the execution of arbitrary code.
In an impressively detailed blog post , Project Zero security researcher, Gal Beniamini, explained that the exploit requires ‘no user interaction’ so long as the device is within Wi-Fi range. The researcher was able to overwrite specific regions of device memory with arbitrary code by sending Wi-Fi frames which contained irregular values.
