Once again, Google and Apple have cooperated in a coordinated effort among mobile operating system vendors to patch a critical vulnerability in a common Wi-Fi component.
CVE-2017-11120 and CVE-2017-11121 are both critical Remote Code Execution (RCE) vulnerabilities in the Broadcom Wi-Fi driver that is used by both the Apple iOS and Google Android operating systems.
“An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple warned in its security advisory for the CVE-2017-11120 and CVE-2017-11121 vulnerabilities.
Apple patched the two issues with the iOS 11 update, while Google included the patches as part of its September Android update. Both of the issues were reported to the impacted vendors by security researcher Gal Beniamini of Google Project Zero.
Beniamini was previously credited in April 2017 with finding multiple other Broadcom Wi-Fi driver issues in Android and iOS.
Beniamini isn’t the only security researcher to identify critical RCE vulnerabilities in Broadcom’s Wi-Fi drivers, either. Nitay Artenstein, security researcher at Exodus Intelligence, reported a set of Broadcom RCEs he branded as ‘Broadpwn’ that were patched by Google and iOS in July and publicly detailed during a session at the Black Hat USA security conference the same month.
In addition to CVE-2017-11120 and CVE-2017-11121, which impact both iOS and Android, Google is patching one additional critical Broadcom Wi-Fi RCE identified as CVE-2017-7065.
In contrast, Apple is patching seven additional Wi-Fi issues, which were reported by Beniamini.
“Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor,” Apple warns in its advisory for CVE-2017-7103, CVE-2017-7105, CVE-2017-7108, CVE-2017-7110, CVE-2017-7112 and CVE-2017-7115.
The CVE-2017-7116 Wi-Fi issue reported by Beniamini is a bit different from the others, with Apple noting that the flaw could have enabled malicious code executing on the Wi-Fi chip to read restricted kernel memory.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.