Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

Here's alengthy and detailed description of how the Project Zero team reverseengineered Broadcom's proprietary WiFi processor and developed a remotecode execution exploit. "All that said and done, the introduction ofWi-Fi FullMAC chips does not come without a cost. Introducing these newpieces of hardware, running proprietary and complex code bases, may weakenthe overall security of the devices and introduce vulnerabilities whichcould compromise the entire system."