broadpwn is a heap overflow on Broadcom Wi-Fi chips. It’s triggered when a device receives a WME (Quality-of-Service) information element with a malformed length from a connected network : http://boosterok.com/blog/broadpwn/ and http://boosterok.com/blog/broadpwn2/ for the exploitation
4 Likes
Awesome! Thanks for sharing! =D