Key Information CVE ID: CVE-2017-7103 Vulnerability Type: Heap Overflow Affected Module: AppleBCMWLANCore driver Trigger Condition: Processing completed firmware timestamp message (0x27) Fix Status: Fixed Priority: P2 Severity: S1 Report Date: June 21, 2017 Fix Date: September 19, 2017 Technical Details Background Broadcom's Wi-Fi HardMAC SoC is used to handle PHY and MAC layer events and is commonly found in mobile devices and Wi-Fi routers. In iOS: The "AppleBCMWLANBusInterfacePCIe" driver handles PCIe interface and low-level communication protocols. The "AppleBCMWLANCore" driver handles high-level protocols and Wi-Fi configuration. Communication between the host and the Wi-Fi module (dongle) occurs via message rings, including: H2D communication (host to module) D2H communication (module to host) Vulnerability Details When processing events of a specific message type (_CONTROL_COMPLETE_), the function iterates through messages and delegates handling to the function. The vulnerability occurs during the call to , leading to a buffer overflow. Environmental Factors iOS Version: iPhone 7 (build 14C92) Reporter and Fixer Reporter: Google Project Zero member Fixer: Apple development team Additional Notes Involves firmware and hardware driver-level issues; binary code review was conducted after the fix.