Partially Patched iOS WiFi Bug Exists on iOS 14.6 as Zero Click Exploit

BY Mahit Huilgol

Published 19 Jul 2021

iphone wifi vulnerability

Recently, we learned about an iOS bug that disabled WiFi when connected to networks with a particular name. For some, the newly discovered iOS bug destroyed WiFi, thus requiring a factory reset. Thankfully the bug was fixed on a recent beta and is expected to soon land on the public version. Much to everyone’s dismay, a security researcher has revealed that the WiFi bug was more than a bug and an RCE or remote code execution program.

The security researchers at ZecOps say the recent iPhone WiFi bug was not just a DoS (Denial of Service) attack that requires a reset. DevOps has named it ‘WiFiDemon’ and exists in the latest iOS 14.6. Apple fixed the vulnerability partially on iOS 14.4. The worst part is that the vulnerability has become more potent on iOS 14.6 in the form of zero-day. In other words, it no longer requires users to connect to malformed networks instead attackers can directly exploit it in the form of (RCE) Remote Code Execution.

This implies that an attacker can infect iPhone/iPad without requiring any actions from the victim. So far, the bug has been titled ‘non-dangerous, and Apple claims to have fixed it. Putting things into perspective, the vulnerability could target anyone with WiFi-enabled in Settings. The attackers can potentially use a hotspot with a special character as a network name.

The recently disclosed, supposed non-dangerous WiFi bug—is potent. This vulnerability allows an attacker to infect a phone/tablet without any interaction with an attacker. This type of attack is known as 0-click or zero-click). Apple only partially patched the vulnerability. According to security researchers, the bug exists on iOS 14.6, and Apple is yet to fix the same.

How to protect your iPhone/iPad from WiFi vulnerability?

Until Apple fixes the issue entirely, you will have to remain on your guards. Here are few steps that will help prevent such type of WiFi attacks on your iPhone and iPads.

  • Disable WiFi Auto-join feature
  • Head over to Settings>WiFi> Auto-Join>Never
  • Avoid connecting to public hotspots.
  • If you have already been a victim of a WiFi DoS attack, then resetting Network Settings should help.
[via ZecOps]

Related Articles

iOS 14.5 on iPhone 12

iOS 14.7.1 Users Are Complaining of ‘No Service’ and Heating Issues

Sanuj Bhatia
iOS 14.5 on iPhone 12

iOS 14.8 References Spotted in Latest Xcode 13 Beta

Sanuj Bhatia

Apple Stops Signing iOS 14.7, Downgrading from iOS 14.7.1 No Longer Possible

Rajesh Pandey

iOS 14.7.1 Patches Zero-Day Exploit Used by NSO’s Pegasus Spyware

Rajesh Pandey
must-have-ipad-pro-pencil-apps-featured

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

Read More

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

Read More
Apple volunteer

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,

Read More

Want to know more about apple Products

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

Cancel