News

New WiFi bug in iOS could also be exploited without user intervention

By admin
Spread the love

The iOS vulnerability that allowed a phone to crash by connecting to a particular SSID could also be exploited for remote code execution. Apple has since closed that leak after a report from security researchers.

The new bug was discovered by researchers at security company ZecOps. They call the vulnerability WiFiDemon. It is a zero-click vulnerability, so no user intervention is required. Attackers were able to connect an iPhone to a specific Wi-Fi network and thus execute code on the phone from a distance.

WiFiDemon builds on a vulnerability previously discovered in iOS. That bug allowed to disable Wi-Fi on an iPhone when connected to ssid %p%s%s%s%s%n. Later, other similar strings were found to cause bootloops in the Wi-Fi functionality, causing it to crash. Apple removed the ability to connect to ssids containing the %n string, but Zecops says that’s not the only potential vulnerability.

The researchers managed to create an ssid with the format specifier %@ used in Objective-C. If an attacker can make a phone connect to an ssid network that starts with that, it can cause a bootloop, just like in the previous leak. The vulnerability can also be exploited without user intervention. To do this, an attacker must put %@ behind an ssid that a phone is already connected to. If a user has ‘Connect automatically’ enabled for Wi-Fi networks, the phone will automatically connect to the wrong network. According to the researchers, a use after free could then be triggered that makes it possible to run code on a phone.

The vulnerability was in iOS versions 14 through 14.4. The researchers say that the zero-click capability was fixed in iOS 14.6, but that version still allows Wi-Fi to crash if an attacker allows a user to connect to a unique SSID. This requires user interaction. For older versions, users could disable automatic scanning for and connecting to Wi-Fi networks. The crash did not receive a CVE code. Apple released iOS 14.7 this week, but the release notes don’t say anything specific about this leak.

You might also like
News

Apple has been working on its own search engine for years. It’s called…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Russian ministry bans iPhones due to suspicion of espionage

Exit mobile version