6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
69.9%
iOS 10.3 update soon, Apple launched iOS 10.3.1, according to Apple provides the iOS version, the iOS 10.3 official version of the total repair more than one hundred security vulnerabilities, and to achieve a certain extent of safety improvement. And in the version released after less than a week, Apple also to the user of the emergency push an updated version, i.e. iOS 10.3.1, and in the new version to fix multiple serious security vulnerabilities, and where there is a vulnerability will allow the attacker through the iOS device’s Wi-Fi chip to achieve arbitrary code execution.
This vulnerability, CVE-2017-6975 is a Google Project Zero project members Gal Beniamini found, he said will be in tomorrow via a Twitter post about this vulnerability for more detailed information. Apple currently does not provide any information about the vulnerability details, but they are urging iPhone, iPad and iPod Touch users as soon as they update to the latest version.
Vulnerability information
According to the iOS 10.3.1 security update announcement, Apple will Vulnerability CVE-2017-6975 described to a stack buffer overflow vulnerability, and by improving the system of input validation to fix this vulnerability.
When the execution stack space to grow more than the system for which the allocated memory space, it will trigger the stack buffer overflow vulnerability, while an attacker can exploit this vulnerability and through the device’s Wi-Fi chip in the target device in the remote execution of arbitrary malicious code.
! [](/Article/UploadPic/2017-4/20174642953488. png? www. myhack58. com?)
Security researchers say that iPhone 5 and the new iPhone, the iPad fourth generation and after a new tablet, the iPod Touch sixth generation, all running iOS 10.3 operating system of Apple devices will be affected by this security vulnerability. It is worth noting that the iPhone 5 and the iPhone 5C is Apple’s last two models have a 32-bit processor chip, the A6 devices, and since the iPhone 5S using a 64-bit processor, so the iPhone 5S will not be affected by the vulnerability.
If you want to learn more about the vulnerability details, then you probably have to wait until tomorrow, the vulnerability details have been released, the link address is: https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html because tomorrow Beniamini will be dedicated to publishing an article to explain in detail the vulnerability of the technical details as well as the vulnerability to the user.
In addition, in the iOS 10.3 official version of the upgrade process, iPhone5, iPhone5c、iPad4 users 32-bit devices can use the OTA upgrade, you can only use iTunes to manually installed. Many users worry about the next iOS upgrade will be to abandon this part of the old device, but Apple says the updated iOS 10.3.1 has fixed the problem, the old users no longer have to worry about it. With iOS 10.3.1 release, we also confirmed that the Apple of this assertion.
Summary
The majority of users by Settings-General-Software Update to download and install iOS 10.3.1 for. Running iOS 10.3 Apple devices in a networked state will receive iOS 10.3.1 update prompt, so we advise everyone as soon as possible to install the Update Patch. But xiaobian personally believe that the Apple device’s Wi-Fi seemingly forever there are a variety of small problems, such as not connected or the network speed is too slow, etc., don’t the update is able to improve the Apple device’s Wi-Fi status.
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
69.9%