New WiFi Vulnerability Affects All Apple iPhones | #ios | #apple | #iossecurity | #cybersecurity | #infosecurity | #hacker

Apple continues to break iPhone sales records, but the company also continues to generate headlines for the wrong reasons as well. And now a serious new warning has been issued to all iPhone users.

MORE FROM FORBESCritical App Store Scam Vulnerability Exposed, iPad And iPhone Users Warned

Reported by BleepingComputer, a significant flaw has been found in the WiFi of iPhones and it leaves millions of devices around the world vulnerable to exploitation. Furthermore, once triggered, iPhones are no longer able to connect to any wireless network.

The flaw was discovered by accident by reverse engineer Carl Schou after he tried to connect an iPhone to his personal WiFi that uses the SSID ‘%p%s%s%s%s%n’. The iPhone refused to connect then disabled its WiFi. “Neither rebooting nor changing SSID fixes it,” tweeted Schou. Instead the iPhone was caught in a loop, as seen in the screen recording below.

The iPhone Schou used was running iOS 14.4.2 but BleepingComputer consequently confirmed it also affects iPhones running the latest iOS 14.6 release. iPads were not tested but I would expect them to be vulnerable as well. Android devices are not affected.

So what is going on? According to research by security blog CodeColorist, the flaw is a Format String Bug where certain characters can be misread by an operating system to be commands rather than simply a name (in this case “%”). This causes devices to malfunction, something hackers can use to exploit devices or just cause malicious damage. The bug is similar to the SMS flaw which caused widespread messaging problems on iPhones late last year.

Right now, the only short term fix is somewhat brutal. Affected users have to reset their iPhone network settings (Settings > General > Reset > Reset Network Settings), which will erase all your WiFi passwords. It is also not a permanent fix. Any time your device is affected, you will have to do it all over again.

I expect Apple will release an emergency iOS update to fix this (likely iOS 14.6.1 as well an iOS 12 update for older iPhones). In the meantime, I have contacted Apple and will update this article when/if I receive a response.


Follow Gordon on Facebook

More On Forbes

iPhone 13 Production Schedule ‘Ahead Of Schedule’, Claims Report

New MagSafe Health Concerns Flagged For iPhone 12 Users With CIEDs

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.