A newly discovered vulnerability could compromise wireless capabilities on millions of iPhone devices over a conventional WiFi connection, which would prevent networking even if the access point is rebooted or renamed. This class of flaws could be exploited by threat actors using fake WiFi access points for various malicious purposes.
Carl Schou, a mobile security specialist, reported how he had a problem while connecting to his own WiFi hotspot (identified as ‘%p%s%s%s%s%n’). After some failed attempts the expert noticed that the WiFi functionality of his device was automatically disabled and enabled, a situation that was repeated even after restarting the device.
The expert mentioned that his tests worked successfully on an iPhone XS device running iOS v14.4.2. Moreover, a group of specialists confirmed that this flaw is also present in iPhone v14.6 devices.
Apparently, the only way to correct this problem is to reset the network settings of the affected devices. Affected iPhone users can follow these steps to address the issue:
- Go to the Settings menu on your iPhone, select the General option
- Under General, select Reset
- You will now be on the Reset screen, where you can reset various functions of the iOS system
- On this screen, select the ‘Reset network settings’ option and confirm that you want to continue with this process
These flaws are considered serious, as threat actors can create malicious WiFi hotspots, attracting users looking for free WiFi connections. The good news is that apparently this issue only exists on some versions of iOS, so Android device users are not affected.
Additional reports indicate that this flaw could exist due to the appearance of strings with the character “%” in the name of some WiFi access points. The operating system may misinterpret this symbol as a string format specification. This hypothesis could be confirmed in the coming days.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
