The Hacker News

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications.

Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is CVE-2012-2619.

In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding.
Products containing BCM4325 chipsets:
  • Apple iPhone 3GS
  • Apple iPod 2G
  • HTC Touch Pro 2
  • HTC Droid Incredible
  • Samsung Spica
  • Acer Liquid
  • Motorola Devour
  • Ford Edge (yes, it's a car)
Products containing BCM4329 chipsets:
  • Apple iPhone 4
  • Apple iPhone 4 Verizon
  • Apple iPod 3G
  • Apple iPad Wi-Fi
  • Apple iPad 3G
  • Apple iPad 2
  • Apple Tv 2G
  • Motorola Xoom
  • Motorola Droid X2
  • Motorola Atrix
  • Samsung Galaxy Tab
  • Samsung Galaxy S 4G
  • Samsung Nexus S
  • Samsung Stratosphere
  • Samsung Fascinate
  • HTC Nexus One
  • HTC Evo 4G
  • HTC ThunderBolt
  • HTC Droid Incredible 2
  • LG Revolution
  • Sony Ericsson Xperia Play
  • Pantech Breakout
  • Nokia Lumina 800
  • Kyocera Echo
  • Asus Transformer Prime
  • Malata ZPad
The DoS issue does not in any way compromise the security of users data. Broadcom has a patch available that addresses the issue and makes devices that include the BCM4325 and BCM4329 immune to a potential attack. The Proof of Concept Code and technical details are available at Advisory.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.