Apple iOS 10.2 (14C92) - Remote Code Execution

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1317c3 The exploit achieves R/W access to the host's physical memory. This exploit has been tested on the iPhone 7, iOS 10.2 14C92. To run the exploit against different devices or versions, the symbols must be adjusted. The attache...

Broadcom: OOB write when handling 802.11k Neighbor Report Response(CVE-2017-11120)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as...

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 14C92, but should work on all versions of iOS up to 10.3.3 included. However...