Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www.securitytracker.com/id/1038172 | vdb entry |
| http://www.securityfocus.com/bid/97328 | vdb entry third party advisory |
| https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html | exploit third party advisory technical description |
| https://support.apple.com/HT207688 | vendor advisory |
| https://twitter.com/4Dgifts/status/849268365457850370 | third party advisory |
| http://seclists.org/fulldisclosure/2019/May/24 | mailing list |
| https://support.apple.com/kb/HT210121 | |
| https://seclists.org/bugtraq/2019/May/30 | mailing list |