BroadPwn Exploit

[CheMillan]

Hello,

The Wi-Fi Broadcom firmware version of my 2013 iMac is: Broadcom BCM43xx 1.0 (7.15.166.24.3).
My iMac has Yosemite 10.10.5, Safari 10.1.2, and Security Update 2017-003 installed. I would like to know if my iMac is vulnerable to the BroadPwn exploit. Thanks

 

[inaka]

Hello,

The Wi-Fi Broadcom firmware version of my 2013 iMac is: Broadcom BCM43xx 1.0 (7.15.166.24.3).
My iMac has Yosemite 10.10.5, Safari 10.1.2, and Security Update 2017-003 installed. I would like to know if my iMac is vulnerable to the BroadPwn exploit. Thanks

Yes, your iMac is vulnerable to the BroadPwn exploit.
That security update did not address the BroadPwn exploit.
There is currently no "fix" for that specific exploit for Mac OS X 10.11 or earlier, other than turning off Wifi.

 

[cynics]

Any reason in particular you are sticking with Yosemite? I understand the "if it ain't broke" mentality but in my experience Yosemite was the worst performing OSX release the 2013 iMac had.
[doublepost=1501111198][/doublepost]

Yes, your iMac is vulnerable to the BroadPwn exploit.
That security update did not address the BroadPwn exploit.
There is currently no "fix" for that specific exploit for Mac OS X 10.11 or earlier, other than turning off Wifi.

BTW, do you have a source for this? Yosemite security update 2017-003 was released from Apple the same day they patched the exploit in the rest of their line up.

 

[chrfr]

BTW, do you have a source for this? Yosemite security update 2017-003 was released from Apple the same day they patched the exploit in the rest of their line up.

It's right in the security notes for the update. The wifi patch only applies to 10.12.6.

Available for: macOS Sierra 10.12.5

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

Notice how 10.10.5 and 10.11.6 are not mentioned in the "available for" section.
From https://support.apple.com/en-us/HT207922