Security News > 2021 > July > Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.

The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to wireless access points with percent symbols in their names such as "%p%s%s%s%s%n.

While the issue is remediable by resetting the network settings, Apple is expected to push a patch for the bug in its iOS 14.7 update, which is currently available to developers and public beta testers.

All iOS versions starting with iOS 14.0 and prior to iOS 14.3 were found to be vulnerable to the RCE variant, with Apple "Silently" patching the issue in January 2021 as part of its iOS 14.4 update.

Given the exploitable nature of the bug, it's highly recommended that iPhone and iPad users update their devices to the latest iOS version to mitigate the risk associated with the vulnerability.

Update: Apple has officially released iOS 14.7 and iPadOS 14.7 with bug fixes and security enhancements, which also comes with a patch for the Wi-Fi denial-of-service issue.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/TBSEy5OiD9k/turns-out-that-low-risk-ios-wi-fi.html