An issue exists on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple ipados |
||
apple iphone os |
||
apple mac os x |
||
broadcom bcm4389_firmware - |
||
broadcom bcm43012_firmware - |
||
broadcom bcm43013_firmware - |
||
broadcom bcm4375_firmware - |
||
broadcom bcm43752_firmware - |
||
broadcom bcm4356_firmware - |
It's not like you can snoop on anyone right now anyway, right? Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?
Proof-of-concept exploit code has emerged for last month's data-leaking KrØØk vulnerability present in a billion-plus Wi-Fi-connected devices and computers. The team at infosec outfit Hexway told The Register on Friday it has crafted a working exploit for the flaw which is present in equipment that uses Broadcom's communications chipsets. This design blunder can be abused by nearby miscreants to snatch snapshots of private data, such as web requests, messages, and passwords, over the air from ...
Encryption keys forced to zero by chip-level KrØØk flaw
A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be exploited by nearby miscreants to snoop on victims' encrypted Wi-Fi traffic. The flaw [PDF] was branded KrØØk by the bods at Euro infosec outfit ESET who discovered it. The design blunder is otherwise known as CVE-2019-15126, and is related to 2017's KRACK technique for spying on Wi-Fi networks. An eavesdropper doesn't have to be logged into the target device's wireless networ...