Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots
Apple has rolled out security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution.
The vulnerability, tracked as CVE-2021-30800, was still a zero-day when security researcher Carl Schou publicly disclosed it. Apple fixed it with the release of iOS 14.7 earlier this week.
Successful exploitation would make it possible to break an iPhone's Wi-Fi functionality on joining hotspots with SSIDs containing the "%" character.
Luckily, as mobile security startup ZecOps revealed, the zero-click remote code execution component of WiFiDemon was only present starting with iOS 14.0 and was silently addressed by Apple with the release of iOS 14.4.
Attackers could exploit this bug by planting malicious Wi-Fi hotspots in popular, high-traffic areas to attack iPhone devices configured to auto-join new Wi-Fi networks.
The bug impacts iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch, as Apple revealed in a security advisory published earlier this week.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2021-30800 | Unspecified vulnerability in Apple Iphone OS. This issue was addressed with improved checks. Tags: low complexity, apple | 8.8 |