Security News
Tens of Vulnerabilities Patched by Apple in macOS and iOS. Apple this week started rolling out security updates for iOS, macOS, iPadOS, watchOS, tvOS, and Safari, to address tens of vulnerabilities, including some that could result in arbitrary code execution. A total of 37 security holes were resolved with the release of iOS 14.7 and iPadOS 14.7, including a recently detailed bug that attackers could exploit to crash the Wi-Fi functionality of vulnerable devices.
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to wireless access points with percent symbols in their names such as "%p%s%s%s%s%n.
Safety Vision pushes the mobile video frontier by bringing WiFi 6e speed to Network Video Recorders and SafetyNet Central Management System. "Not all WiFi networks are the same. By helping our customers move to WiFi 6e 802.11ax wireless, they can achieve 4x faster download speeds over earlier WiFi reducing the time fleet vehicles must stay within range of their wireless access points," said Bruce Smith, CEO. WiFi 6e will also allow more buses, or other fleet vehicles to be connected to access points at the same time while significantly improving data security with WPA3 protocols.
It's already nearly two months since Apple's last security update to iOS 14, which was back on 2021-05-24 when iOS 14.6 appeared. So we weren't surprised to see that another patch is out, officially listed [2021-07-19] as covering iOS, tvOS and watchOS. Annoyingly, there's no mention of iPadOS, which has typically been listed on the same line as its related iOS update in recent Apple security reports.
Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID. The issue was initially brought to light last month, when reverse engineer Carl Schou discovered that the Wi-Fi functionality on his iPhone would completely crash when connecting to a hotspot that had the SSID "%p%s%s%s%s%n. The issue, which impacts all iOS devices running iOS 14.0 to 14.6, was deemed to be a format string bug, where iOS is considering the characters that follow "%" as string-format specifiers, meaning that they are processed as commands, rather than text.
Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone's WiFi connection after trying to connect to a network with a name that included a special character.
Schou set up a Wi-Fi access point with a network name of %p%s%s%s%s%n, and then deliberately connected his iPhone to it in order to check for what are known as format string vulnerabilities. The name format string vulnerability comes from a standard, widely-used system function, found in almost every operating system, known as printf(), shorthand for format and print data.
NETGEAR announced the availability of the fourth member in its Insight Managed WiFi 6 Access Points, the Insight Managed WiFi 6 AX6000 Tri-band Multi-gig Access Point, designed to provide the ultimate WiFi performance for small and medium businesses. This new tri-band access point brings next-generation premium WiFi 6 performance to small and medium businesses, delivering up to 40% higher1 speeds to each connected device as compared to WiFi 5.
Joining a Wi-Fi network with a specific sequence of characters in its SSID name will break wireless connectivity for iOS devices. On Friday, Carl Schou, a security researcher in Denmark, reported that his iPhone lost its Wi-Fi capability after attempting to connect to a Wi-Fi network named "%p%s%s%s%s%n".
FUD is spreading about a weirdly named personal network that a reverse engineer stumbled across and which he said "Permanently" wrecked his iPhone's Wi-Fi. TL;DR version: The twitching inflicted on his iPhone, which he demonstrated in the 4-second Tweet below, wasn't permanent. As replies to the initial post pointed out, an iPhone's Wi-Fi can be restored by resetting network settings.