Partially Patched iOS WiFi Bug Exists on iOS 14.6 as Zero Click Exploit

BY Mahit Huilgol

Published 19 Jul 2021

iphone wifi vulnerability

Recently, we learned about an iOS bug that disabled WiFi when connected to networks with a particular name. For some, the newly discovered iOS bug destroyed WiFi, thus requiring a factory reset. Thankfully the bug was fixed on a recent beta and is expected to soon land on the public version. Much to everyone’s dismay, a security researcher has revealed that the WiFi bug was more than a bug and an RCE or remote code execution program.

The security researchers at ZecOps say the recent iPhone WiFi bug was not just a DoS (Denial of Service) attack that requires a reset. DevOps has named it ‘WiFiDemon’ and exists in the latest iOS 14.6. Apple fixed the vulnerability partially on iOS 14.4. The worst part is that the vulnerability has become more potent on iOS 14.6 in the form of zero-day. In other words, it no longer requires users to connect to malformed networks instead attackers can directly exploit it in the form of (RCE) Remote Code Execution.

This implies that an attacker can infect iPhone/iPad without requiring any actions from the victim. So far, the bug has been titled ‘non-dangerous, and Apple claims to have fixed it. Putting things into perspective, the vulnerability could target anyone with WiFi-enabled in Settings. The attackers can potentially use a hotspot with a special character as a network name.

The recently disclosed, supposed non-dangerous WiFi bug—is potent. This vulnerability allows an attacker to infect a phone/tablet without any interaction with an attacker. This type of attack is known as 0-click or zero-click). Apple only partially patched the vulnerability. According to security researchers, the bug exists on iOS 14.6, and Apple is yet to fix the same.

How to protect your iPhone/iPad from WiFi vulnerability?

Until Apple fixes the issue entirely, you will have to remain on your guards. Here are few steps that will help prevent such type of WiFi attacks on your iPhone and iPads.

  • Disable WiFi Auto-join feature
  • Head over to Settings>WiFi> Auto-Join>Never
  • Avoid connecting to public hotspots.
  • If you have already been a victim of a WiFi DoS attack, then resetting Network Settings should help.
[via ZecOps]