Google Patches Critical ‘Broadpwn’ Bug in July Security Update

The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.

Google released a security patch Wednesday that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices.

The so-called Broadpwn bug is tied to a vulnerability in Broadcom’s BCM43xx family of WiFi chips. According to Nitay Artenstein, a researcher with Exodus Intelligence who discovered the vulnerability, Apple iOS devices are also impacted by the flawed chipset (CVE-2017-3544).

As part of its July Android Security Bulletin, issued late Wednesday, Google said the vulnerability could allow a “proximate attacker to execute arbitrary code within the context of the kernel.”

Artenstein, who is scheduled to present his research on the Broadpwn vulnerability at Black Hat USA 2017, said in a preview of his talk that the vulnerability “can be triggered remotely, without user interaction.” He added that the vulnerability “is found in an extraordinarily wide range of mobile devices – from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.”

The researcher said he was able to bypass mitigations such as DEP and ASLR and gain access to Broadcom’s BCM43xx WiFi chipset. He wrote, “…what happens when, underneath your heavily hardened OS, a separate chip parses all your Wi-Fi packets – and runs with no exploit mitigations whatsoever?”

Neither Broadcom nor Apple immediately returned a request for comment on Thursday.

Still unclear is how Broadpwn may impact iOS devices, how many device models may be impacted and whether a patch has already been issued by Apple.

In total, July’s Android Security Bulletin addressed 11 critical security flaws found in the Android platform. Among the most serious, according to Google, is a “severe vulnerability” found in the Mediaserver process in the Android operating system. The bug (CVE-2017-0540) “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”

Affected by the flaw are Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

All eleven of the critical flaws reported in the July Android Security Bulletin were remote-code execution bugs. Ninety-four of the bugs issued were rated “high”, with a total of 137 bugs patched.

Google said over-the-air updates and firmware have been issued for its Pixel and Nexus lines of devices.

Discussion

  • John Hoy on

    I have a ZTE Champ on Total Wireless. Their website claims to be updating devices on Android 4.X. When I called their customer support the Customer Care Specialist claims that there is no information that she has as to what security patches are being pushed to their phones. I was told by the same person to connect to android.com and download the patches from there. Total wireless apparently doesn't care about their customers.