A wi-fi community naming bug has been uncovered in Apple’s iOS functioning method that effectively disables an iPhone’s capability to link to a Wi-Fi community.
The difficulty was noticed by safety researcher Carl Schou, who discovered that the phone’s Wi-Fi operation will get forever disabled following becoming a member of a Wi-Fi community with the abnormal title “%p%s%s%s%s%n” even following rebooting the mobile phone or changing the network’s identify (i.e., service set identifier or SSID).
The bug could have critical implications in that undesirable actors could exploit the concern to plant fraudulent Wi-Fi hotspots with the identify in issue to break the device’s wireless networking functions.
Right after joining my personalized WiFi with the SSID “%p%s%s%s%s%n”, my Apple iphone permanently disabled it truly is WiFi performance. Neither rebooting nor modifying SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_connect with) June 18, 2021
The problem stems from a string formatting bug in the manner iOS parses the SSID enter, triggering a denial of support in the method, according to Zhi Zhou, a senior stability engineer at Ant Economical Gentle-12 months Security Labs in a brief examination printed on Saturday.
“For the exploitability, it would not echo and the rest of the parameters really don’t seem to be like to be controllable. Consequently I you should not assume this case is exploitable,” Zhou mentioned. “After all, to induce this bug, you have to have to connect to that WiFi, in which the SSID is visible to the target. A phishing Wi-Fi portal web page may well as properly be extra helpful.”
While the problem just isn’t reproducible on Android devices, iPhones that have been afflicted by the issue would need to have their iOS network configurations reset by heading to Configurations > General > Reset > Reset Network Options and ensure the action.