IOS Developers Fixed Wi-Fi Naming Issue
Apple developers have released patches for dozens of vulnerabilities in iOS and macOS, including fix of a serious Wi-Fi issue that could lead to denial of service or arbitrary code execution.
Researcher Carl Schou discovered a bug in an iPhone last month. It disrupts wireless connectivity when connected to a hotspot with a specific name. This issue has ID CVE-2021-30800 now.The problem was encountered while connecting to an access point named “%p%s%s%s%s%n”. When trying to connect to this network, Wi-Fi on the device simply turned off, and when the expert tried to turn it on again, nothing happened either after restarting the device or after changing the SSID.
Only a full reset of the network settings on the device helped (to clear local files from the problematic network name).
As specialists of the ZecOps startup later found out, using this bug, dubbed WiFiDemon, attackers could also execute arbitrary code without user interaction.
ZecOps noted that the original that bug Shu discovered last month affects all versions of iOS 14.x, while WiFiDemon only affects iPhones and iPads running iOS 14.0 through 14.4. That is, the bug was fixed in January 2021 with the release of iOS 14.4, but Apple did not seek to make this problem public.
Apple has now finally fixed the issue by releasing iOS 14.7 and reporting that the bug affected iPhone 6s and later, all iPad Pros, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPods touch (7th generation). For those users who, for some reason, do not want to update the OS to this version, it is recommended to disable the function of automatic connection to Wi-Fi networks.