
Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots
2021-07-23 18:18

Apple has rolled out security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution.

The vulnerability, tracked as CVE-2021-30800, was a zero-day when security researcher Carl Schou publicly disclosed it. Apple fixed it with the release of iOS 14.7 earlier this week.

Successful exploitation would make it possible to break an iPhone's Wi-Fi functionality on joining hotspots with SSIDs containing the "%" character.

Luckily, as mobile security startup ZecOps revealed, the zero-click remote code execution component of WiFiDemon was only present starting with iOS 14.0 and was silently addressed by Apple with the release of iOS 14.4.

Attackers could exploit this bug by planting malicious Wi-Fi hotspots in popular and highly circulated areas to attack iPhone devices configured to auto-join new Wi-Fi networks.

The bug impacts iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch, as Apple revealed in a security advisory published earlier this week.


News URL

https://www.bleepingcomputer.com/news/security/apple-fixes-bug-that-breaks-iphone-wifi-when-joining-rogue-hotspots/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-09-08 | CVE-2021-30800 | Unspecified vulnerability in Apple Iphone OS. This issue was addressed with improved checks. (low complexity, apple) | 8.8

Related vendor

VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Apple | 72 | 238 | 1567 | 2279 | 265 | 4349