Security Researcher from Google Zero Security team Gal Beniamini published proof of code that allowing remote read/write commands to be issued over the Wi-Fi chip and to gain control over iPhone 7.
The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 (14C92), but should work on all versions of iOS up to 10.3.3 says Beniamini.
Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip).Beniamini added.
An attacker can run the code remotely which results in the installation of simple backdoor allowing read/write access to the firmware.
By installing the backdoor attacker can gain R/W access to the firmware and no user interaction is needed. Beniamini released PoC script and also the steps to run the exploit.
Security Patches Released – iPhone 7
Provided demo codes work on iPhone7 devices, but the vulnerability affects the range of devices with Broadcom WiFi chips, smart TVs with tvOS and Android Devices.
Beniamini said all the devices that using Broadcom WiFi Chip Firmware BCM4355C0 are vulnerable to CVE-2017-11120.