Drivers for Wi-Fi chips Broadcom contain a number of vulnerabilities affecting devices on different operating systems, including Linux and macOS. According to the warnings of the Ministry of internal security of the United States and team coordination center CERT; provide the ability to execute code and cause a denial of service devices.
In total we are talking about the five vulnerabilities in the Broadcom wl driver and open the driver brcmfmac for Wi-Fi chips Broadcom. The first contains two vulnerabilities, buffer overflow, while the second affected bypass confirmation frame and buffer overflow. Problems received identifiers (CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 and CVE-2019-9503). Technical details and a list of manufacturers whose devices are vulnerable available here.
The problems can be proekspluatirovat by sending a specially crafted Wi-Fi packets to execute arbitrary code, but it is noted that most often bugs lead to malfunction of devices.
In February, Broadcom has fixed two vulnerabilities in the driver brcmfmac for FullMAC cards, Apple also eliminated the bug CVE-2019-8564 in mid-April with the release of security updates for macOS 10.12.6 Sierra, High Sierra 10.13.6 macOS and macOS Mojave 10.14.3.
Read more •••