Google releases patch against BroadPwn

Today Google has released its latest monthly security update for Android devices, and this update includes a fix for a serious bug Dubbed BroadPwd which is in some Broadcom Wi-Fi chipsets that affects millions of Android devices.

The BroadPwn vulnerability (CVE-2017-3544) has been discovered by Exodus Intelligence researcher Nitay Artenstein says the critical remote code execution vulnerability resides in Broadcom’s BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, and allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges.The flawed Wi-Fi chipset also impacts Apple iOS devices.

The over-the-air updates and firmware for Google devices have already been issued by the company for its Pixel and Nexus devices, however the rest of Android owners will still be vulnerable for months to come as they need to wait for an update from their OEMs.

Orignal source: the hacker news