Download and install the last iOS 10.3.1, attackers can hack you over Wi-Fi

A critical flaw could be exploited by attackers within range to “execute arbitrary code on the Wi-Fi chip,” download and install last iOS 10.3.1 version.

Last week, Apple released iOS 10.3, an important release of the popular operating system the fixed more than 100 bugs and implements security improvements.

Apple opted to push an emergency patch update (iOS 10.3.1 version), that fixed some critical vulnerabilities, including one tracked as CVE-2017-6975. The flaw could be exploited by attackers within range to “execute arbitrary code on the Wi-Fi chip.”

The flaw was first discovered by the expert Gal Beniamini from the Google’s Project Zero team, the expert and his team did not disclose technical details on the flaw.

“Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A stack buffer overflow was addressed through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero” reads the security note published by Apple for the iOS 10.3.1 release.

The CVE-2017-6975 affects iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

iPhone 5S was not affected because it is the first model based on a 64-bit processor.

Today Beniamini will publish a detailed technical analysis of the issue, including a detailed description of the attack scenario.The iOS 10.3.1 update can be downloaded via Settings → General → Software Update on your iOS device.

Apple users already running the iOS 10.3 can download and install the iOS 10.3.1 release simply pressing on the “Download and Install” button to install the update.

If you are the owner of an Apple iPhone, iPad and iPod Touch you must update your device as soon as possible.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Apple, iOS 10.3.1 )

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.