Broadcom's Buffer Problem
Jon Jon Ellch, aka Johnny Cache, has now reported a WiFi driver vulnerability to chipmaker Broadcom that could allow malicious types to take over a user's computers. The Broadcom driver BCMWL5.SYS version 220.127.116.11 driver ships with PCs from Dell Technologies (Nasdaq: DELL), HP Inc. (NYSE: HPQ), and other major computer makers.
"Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products," notes Ellch in his bug report. So far, however, only Linksys has issued a patch.
Security house Secunia is calling the security "moderately critical" and suggests that users switch off their WiFi radios when not in use.
Broadcom is by no means the only vendor to have faced firmware-level WiFi security issues recently. Aside from Apple's patches, Intel Corp. (Nasdaq: INTC) also had to warn about a driver vulnerability back in August. (See Intel's Centrino Vulnerability.) — Dan Jones, Site Editor, Unstrung