In a blog post by Gal Beniamini, he revealed that a hacker within the range of a shared WiFi network will potentially be able to execute arbitrary code on a targeted device. This ultimately resulted in a full device takeover just through WiFi alone and requires no user interaction, meaning that the victim doesn’t need to click a link or download a file for this hack to work.
Before you panic, we should note that Apple has since addressed the flaw with the release of iOS 10.3.1. Unfortunately for Android users, ArsTechnica writes, “As is all too often the case for Android users, there’s no easy way to get a fix immediately, if at all. That’s because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it.”
Thankfully this hack exists as a proof-of-concept right now as there has been no proof that it has been used in real life, but hopefully for the sake of Android users Google and Android OEMs will release a patch to address this bug in the near future.