If you needed another reason to update to iOS 11, here’s one: security researchers have discovered a critical vulnerability in iOS 10 that could allow hackers to hijack an iPhone over Wi-Fi networks.
The flaw was first discovered by Gal Beniamini, a researcher with Google Project Zero. The vulnerability exists in devices with Broadcom Wi-Fi chips, which includes iPhones, Galaxy smartphones, and a wide range of other devices. It can allow an attacker to remotely take control of a user’s smartphone over local Wi-Fi connections.
All that’s needed for an attacker to hijack a handset is the device’s MAC address — which is easy enough to obtain over local networks. It’s a serious threat to iPhone and Android owners, and to hammer home the risk it could pose to users, Beniamini published a proof-of-concept exploit to demonstrate its danger. Researchers have tested the exploit in iOS 10.2, but believe that all versions including iOS 10.3.3 are similarly at risk.
Beniamini informed Broadcom of the flaw, and also privately reported the vulnerability to Google’s bug-reporting system in August, The Hacker News reported.
The flaw only exists on Broadcom Wi-Fi chips running the BCM4355C0 firmware version — which is used across a plethora of smartphones, smart TVs and set-top boxes like the Apple TV. As users can’t readily tell which firmware version that their devices are running, it’s recommended that all iPhone users upgrade to iOS 11.
The vulnerability has been patched in Apple’s latest software, according to release notes on iOS 11’s and tvOS 11’s security content. Google also appears to have fixed the issue for its Pixel and Nexus devices, though users of other Android handsets will need to wait for their particular manufacturers to push an update out.
If you’re on a compatible iPhone, it’s strongly recommended that you update to iOS 11 or tvOS 11 as soon as possible.