Security News Google Patches Critical ‘Broadpwn’ Bug in July Security Update (iOS impacted by flawed chipset)

[LASER_oneXM]

Affected by the flaw are Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

Google released a security patch Wednesday that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices.

The so-called Broadpwn bug is tied to a vulnerability in Broadcom’s BCM43xx family of WiFi chips. According to Nitay Artenstein, a researcher with Exodus Intelligence that discovered the vulnerability, Apple iOS devices are also impacted by the flawed chipset

In total July’s Android Security Bulletin addressed 11 critical security flaws found the Android platform. Among the most serious, according to Google, is a “severe vulnerability” found in the Mediaserver process in the Android operating system. The bug (CVE-2017-0540) “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”