Broadcom's Buffer Problem
Security researcher 'Johnny Cache' highlights another WiFi driver security issue
Broadcom Corp. (Nasdaq: BRCM) is the latest WiFi vendor to have its security cast into doubt, with the discovery of a potential flaw by one of the researchers that showed off a now-notorious hack against Apple Inc. (Nasdaq: AAPL)'s Macbook recently. (See Users Eye New 802.11 Security Issues , Apple's Core Is Secure, and Apple Issues Security Alert.)
Jon Ellch, aka Johnny Cache, has now reported a WiFi driver vulnerability to chipmaker Broadcom that could allow malicious types to take over a user's computers. The Broadcom driver BCMWL5.SYS version 3.50.21.10 driver ships with PCs from Dell Inc. (Nasdaq: DELL), Hewlett-Packard Co. (NYSE: HPQ), and other major computer makers.
"Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products," notes Ellch in his bug report. So far, however, only Linksys has issued a patch.
Security house Secunia is calling the security "moderately critical" and suggests that users switch off their WiFi radios when not in use.
Broadcom is by no means the only vendor to have faced firmware-level WiFi security issues recently. Aside from Apple's patches, Intel Corp. (Nasdaq: INTC) also had to warn about a driver vulnerability back in August. (See Intel's Centrino Vulnerability.)
— Dan Jones, Site Editor, Unstrung
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024