https://googleprojectzero.blogspot.co.u ... -fi_4.html
While I'm no security researcher, the chipper signoff:
'In the next blog post, we’ll see how we can use our assumed control of the Wi-Fi SoC in order to further escalate our privileges into the application processor, taking over the host’s operating system!'
...sounds like the kind of thing that's probably undesirable. Google and Apple have both released security updates to address the problem in phone handsets with affected Broadcom chipsets.
The article namedrops the BCM4339 and BCM4358, and the associated bug reports (https://bugs.chromium.org/p/project-zer ... il?id=1047) mysteriously end with '...I believe this vulnerability's scope includes a wider range of Broadcom SoCs and versions'. I'm not sure whether the BCM43438 is affected or not, but it would be interesting to know one way or another.