For individuals using Broadcom Wi-Fi, on April 17, 2019, the CERT Coordination Center (“CERT/CC”) published information identifying various vulnerabilities stemming from the Broadcom ‘w1’ driver and open source ‘brcmfmac’ driver for Broadcom Wi-Fi chipsets. Ultimately, these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on a vulnerable system, most frequently resulting in a denial-of-service (DoS) attack.
Patches have not been made available for the ‘w1’ driver. Until patches become available, a workaround is to connect exclusively to trusted Wi-Fi networks. Drawbridge Partners will continue to monitor the issue.
For additional information, please visit: https://www.kb.cert.org/vuls/id/166939/