Apple Fixes Flaw that Breaks iPhone Wi-Fi using Rogue Hotspot

Apple has released security updates that fix dozens of iOS and macOS vulnerabilities, including a severe iOS flaw known as WiFiDemon that could lead to denial of service or arbitrary code execution.

The WiFiDemon vulnerability, tracked as CVE-2021-30800 and a zero-day flaw when security researchers publicly revealed it, was fixed by Apple with the release of iOS 14.7 earlier this week. Successful exploitation makes it possible to break an iPhone's Wi-Fi when it connects to a hotspot whose SSID contains the special character “%”, such as (%p%s%s%n%n).

Once triggered on a vulnerable iPhone, iPod, or iPad, the flaw leaves the device unable to establish Wi-Fi connections, even after rebooting or renaming the Wi-Fi hotspot. Fixing the WiFiDemon condition requires resetting the network settings to remove the names of all Wi-Fi networks, including the rogue ones, from the list of known SSIDs.

How does zero-click RCE impact older versions of iOS?

As researchers later found, attackers could also run arbitrary code without the user's permission when an unpatched device joined a rogue Wi-Fi hotspot with a maliciously crafted SSID that includes the “%@” sequence, such as (DDDDD%x%x%x%@).

Fortunately, as mobile security startup ZecOps discovered, the zero-click remote code execution element of WiFiDemon was only present starting with iOS 14.0 and was silently fixed by Apple with the release of iOS 14.4. Threat actors might exploit this flaw by setting up malicious Wi-Fi hotspots in popular, high-traffic areas to attack iPhones configured to auto-join new Wi-Fi networks.
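The SSIDs quoted above are built from printf-style conversion specifiers (“%@” is the Objective-C object specifier). As an added example, not taken from Apple, ZecOps or the original article, this Python check flags such specifiers in SSID names, for instance when auditing saved or observed networks; the function names, the severity grouping and the sample list are constructed for illustration.

```python
import re

# One printf-style conversion: '%', optional flags, width, precision and
# length modifier, then a conversion character ('@' is the Objective-C
# object specifier). '%%' is a literal percent and is consumed so that it
# is not misread as the start of a specifier.
SPEC = re.compile(
    r"%(?:%|[-+ #0']*(?:\d+|\*)?(?:\.(?:\d+|\*)?)?"
    r"(?:hh|h|ll|l|q|j|z|t|L)?([diouxXeEfFgGaAcCsSpn@]))"
)

# Severity grouping is an assumption made for this example.
SEVERITY = {"write": 3, "deref": 2, "read": 1, "none": 0}


def classify(conv):
    if conv == "n":
        return "write"   # stores a count through a pointer argument
    if conv in "sS@":
        return "deref"   # follows an argument as a pointer
    return "read"        # formats an argument as a value


def find_specifiers(ssid):
    """Return [(specifier_text, kind), ...] for an SSID given as bytes."""
    text = ssid.decode("latin-1")   # SSIDs are raw bytes, up to 32 of them
    return [(m.group(0), classify(m.group(1)))
            for m in SPEC.finditer(text) if m.group(1)]


def worst(ssid):
    """Highest-severity kind found in the SSID, or 'none'."""
    kinds = [k for _, k in find_specifiers(ssid)] or ["none"]
    return max(kinds, key=SEVERITY.__getitem__)


# Constructed sample list; the two all-'%' strings are the ones quoted above.
SAMPLES = [b"CoffeeShop-Guest", b"%p%s%s%n%n", b"DDDDD%x%x%x%@",
           b"100%% Juice", b"50% off today"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:24} {worst(s):6} {find_specifiers(s)}")
```

Ordinary names such as "50% off today" also contain a valid specifier ("% o"), so the check grades what it finds instead of rejecting every SSID that contains "%".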

How to Reset Network Settings in iOS?

If you don’t want to or are unable to immediately update your iOS device to iOS 14.7 to protect it from WiFiDemon attacks, you are advised to disable the Wi-Fi Auto-Join feature by selecting ‘Never’ under the Settings > Wi-Fi > Auto-Join Hotspot option.

The flaw affects iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), as Apple stated in a security advisory posted earlier this week.

How Has Apple Patched the Flow of Zero-Days?

Since March, Apple has released security updates again and again to address an apparently endless wave of zero-day flaws (nine of them in total), most of them also exploited in the wild.

In prior months, the organization fixed two iOS zero-day bugs (CVE-2021-30761 and CVE-2021-30762) that “may have been currently exploited” to hack into older iPhone, iPad, and iPod devices. Apple patched a macOS zero-day (CVE-2021-30713) in May, a vulnerability abused by the XCSSET Trojan to bypass Apple’s TCC protections, which are designed to safeguard users’ privacy.

In the same month, Apple also fixed three other zero-days (CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666), flaws allowing arbitrary remote code execution (RCE) on vulnerable devices simply by visiting malicious websites.

The organization addressed one more iOS zero-day (CVE-2021-1879) in March and zero-days in iOS (CVE-2021-30661) and macOS (CVE-2021-30657) in April. The Shlayer macOS Trojan exploited the latter to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and deliver second-stage malicious payloads on compromised Macs.
