Apple released its newest security update today in the form of iOS 10.3.3. As is standard, the update patches multiple vulnerabilities, including some that could have allowed for remote code execution, aka an attacker doing things on your device that you don’t want and without your knowledge. This time around, Apple has also patched a bug that would have let attackers execute code on devices’ Broadcom Wi-Fi chip, which could let them seize control of the device.
The bug, known as CVE-2017-9417, was first publicized in an Android security bulletin along with the abstract for a presentation that’ll be given at the BlackHat cybersecurity conference later this month. We’ll likely get more details on how an exploit works at that time. Generally, the bug affects Broadcom’s BCM4354, 4358, and 4359 chips. Lots of phones use these chips to connect to Wi-Fi, including devices from HTC, LG, Google, Samsung, and Apple. A successful attack would basically hand your device over to attackers. This is a scary possibility, so you should probably patch your device immediately.
Of course, every iOS update includes fresh patches and this is likely just another in a list of yet-to-be discovered or disclosed vulnerabilities. A perk of using an iPhone or iPad, at least compared to Android devices, are these regularly scheduled releases from Apple. Although Google has patched this vulnerability, Android users have to rely on their phone carriers to release the update over the air. I’m not going to tell you how to live, but do consider patching.