New Wi-Fi bug in iOS could also be exploited without user intervention


The iOS vulnerability that could crash a phone when it connected to a particular SSID could also be exploited for remote code execution. Apple has since fixed that vulnerability after a report from security researchers.

The new bug was discovered by researchers at security company ZecOps. They call the vulnerability WiFiDemon. It is a zero-click vulnerability, so no user intervention is required. Attackers could get an iPhone to connect to a particular Wi-Fi network and run code on the phone remotely.

WiFiDemon builds on a vulnerability previously discovered in iOS. That bug allowed Wi-Fi to be disabled on an iPhone if it connected to the SSID %p%s%s%s%s%n. It later turned out that other similar strings also caused bootloops in the Wi-Fi functionality, causing it to crash. Apple removed the ability to connect to SSIDs containing the %n string, but ZecOps says that is not the only possible vulnerability.

The researchers managed to create an SSID containing %@, a format specifier used in Objective-C. As in the previous vulnerability, if an attacker can get a phone to connect to a network whose SSID starts with it, this could cause a bootloop. The vulnerability can also be exploited without user intervention. To do this, an attacker would need to put %@ after an SSID to which a phone is already connected. If a user has ‘Connect automatically’ enabled for Wi-Fi networks, the phone will automatically connect to the wrong network. According to the researchers, a use-after-free could then be triggered, making it possible to execute code on the phone.
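Format specifiers in an SSID only matter when the network name is handed to a printf- or NSLog-style function as the format string itself rather than as an argument. The C sketch below is an added example, not code from ZecOps or Apple: it counts the conversion directives in an untrusted SSID and logs the name the safe way. The function names, the log text and every sample SSID other than the %p%s%s%s%s%n string quoted above are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf/NSLog-style conversion directives in an untrusted,
 * NUL-terminated SSID. "%%" is a literal percent sign and is not counted.
 * '@' is the Objective-C object specifier mentioned in the article. */
int ssid_format_directives(const char *ssid) {
    int count = 0;
    size_t i = 0;
    while (ssid[i]) {
        if (ssid[i++] != '%') continue;
        if (ssid[i] == '%') { i++; continue; }                     /* escaped % */
        while (ssid[i] && strchr("-+ #0'", ssid[i])) i++;          /* flags */
        while (ssid[i] && strchr("0123456789.*$", ssid[i])) i++;   /* width, precision */
        while (ssid[i] && strchr("hlqLjzt", ssid[i])) i++;         /* length modifier */
        if (ssid[i] && strchr("diouxXeEfFgGaAcsSpnCD@", ssid[i])) {
            count++;
            i++;
        }
    }
    return count;
}

/* Safe logging: the SSID is data passed to a constant format string.
 * The bug class discussed above is the opposite pattern, where the
 * untrusted name is itself the format: snprintf(out, outlen, ssid); */
int log_ssid(char *out, size_t outlen, const char *ssid) {
    return snprintf(out, outlen, "join request for SSID \"%s\"", ssid);
}

int main(void) {
    /* Constructed scan results, apart from the first string. */
    const char *seen[] = { "%p%s%s%s%s%n", "HomeNet%@", "100%% Coffee",
                           "Cafe 50% off", "HomeNet" };
    char line[96];
    for (size_t k = 0; k < sizeof seen / sizeof seen[0]; k++) {
        log_ssid(line, sizeof line, seen[k]);
        printf("%-40s directives=%d\n", line, ssid_format_directives(seen[k]));
    }
    return 0;
}
```

Note that "Cafe 50% off" is flagged: "% o" is a valid directive (space flag plus octal conversion), so even an innocent-looking name consumes an argument if it is ever used as a format string.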

The vulnerability was in iOS versions 14 through 14.4. The researchers say the zero-click capability has been fixed in iOS 14.6, but in that version it is still possible to crash Wi-Fi if an attacker can get a user to connect to a specific SSID. This requires user interaction. For older versions, users could disable automatic scanning for and connecting to Wi-Fi networks. The crash was not assigned a CVE identifier. Apple released iOS 14.7 this week, but the release notes say nothing specific about this vulnerability.
