Broadcom's Buffer Problem

Security researcher 'Johnny Cache' highlights another WiFi driver security issue

Dan Jones, Mobile Editor

November 13, 2006

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Broadcom Corp. (Nasdaq: BRCM) is the latest WiFi vendor to have its security cast into doubt, with the discovery of a potential flaw by one of the researchers that showed off a now-notorious hack against Apple Inc. (Nasdaq: AAPL)'s Macbook recently. (See Users Eye New 802.11 Security Issues , Apple's Core Is Secure, and Apple Issues Security Alert.)

Jon Ellch, aka Johnny Cache, has now reported a WiFi driver vulnerability to chipmaker Broadcom that could allow malicious types to take over a user's computers. The Broadcom driver BCMWL5.SYS version 3.50.21.10 driver ships with PCs from Dell Inc. (Nasdaq: DELL), Hewlett-Packard Co. (NYSE: HPQ), and other major computer makers.

"Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products," notes Ellch in his bug report. So far, however, only Linksys has issued a patch.

Security house Secunia is calling the security "moderately critical" and suggests that users switch off their WiFi radios when not in use.

Broadcom is by no means the only vendor to have faced firmware-level WiFi security issues recently. Aside from Apple's patches, Intel Corp. (Nasdaq: INTC) also had to warn about a driver vulnerability back in August. (See Intel's Centrino Vulnerability.)

— Dan Jones, Site Editor, Unstrung

About the Author

Dan Jones

Dan Jones

Mobile Editor

Dan is to hats what Will.I.Am is to ridiculous eyewear. Fedora, trilby, tam-o-shanter -- all have graced the Jones pate during his career as the go-to purveyor of mobile essentials.

But hey, Dan is so much more than 4G maps and state-of-the-art headgear. Before joining the Light Reading team in 2002 he was an award-winning cult hit on Broadway (with four 'Toni' awards, two 'Emma' gongs and a 'Brian' to his name) with his one-man show, "Dan Sings the Show Tunes."

His perfectly crafted blogs, falling under the "Jonestown" banner, have been compared to the works of Chekhov. But only by Dan.

He lives in Brooklyn with cats.

See more from Dan Jones
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events