A bug that breaks Wi-Fi connectivity on iPhones remains alive on iOS 14.6 in a zero-click form

A recently discovered bug that allows malformed network names to crash your iPhone’s Wi-Fi, requiring a factory reset to fix, is now more potent as a zero-day vulnerability in iOS 14.6.


STORY HIGHLIGHTS:

  • The Wi-Fi naming bug has remained live as a zero-day vulnerability
  • On iOS 14.6, however, the flaw now enables remote code execution
  • Apple has yet to fully patch the vulnerability


iPhone hotspot bug alive and kicking on iOS 14.6

According to the mobile security experts at ZecOps, a recent bug in iOS and iPadOS that enables certain malformed network names to break the device’s Wi-Fi with a Denial of Service (DoS) attack, requiring a network settings reset to fix, is more potent than originally thought.

ZecOps notes that the flaw, which they named WiFiDemon, remains present in iOS 14.6.

However, on iOS 14.6 this bug has become a dangerous zero-day vulnerability despite Apple partially fixing it in iOS 14.4 with a shoutout to “an anonymous researcher”. iOS 14.6, the latest publicly available version of Apple’s operating system, launched on May 25, 2021.

On iOS 14.6, ZecOps discovered, this vulnerability can actually be used to launch a remote code execution attack on an unsuspecting user without them having to do anything.

The recently disclosed, supposedly non-dangerous WiFi bug is potent. This vulnerability allows an attacker to infect a phone/tablet without any interaction with an attacker. This type of attack is known as 0-click (or zero-click). The vulnerability was only partially patched.

In other words, the vulnerability could be triggered simply by having Wi-Fi functionality enabled in Settings and your device detecting a nearby malicious hotspot with special characters in the SSID. No proof-of-concept exists currently to prove that this vulnerability could be used to unleash a remote code execution attack on unsuspecting devices.

To prevent this type of attack, be careful about joining public hotspots.

As a matter of fact, you should disable the option on your iPhone and iPad to automatically connect to public wireless networks by going to Settings → WiFi → Auto-Join Hotspot, then choosing either “Never” or “Ask to Join”.