A programming flaw has infected the world's most secure consumer operating system.According to a researcher, there is a flaw in iOS that blocks Wi-Fi access when devices join a network with a booby-trapped name.
By connecting to a Wi-Fi network that uses the SSID “%p%s%s%s%s%n” Reverse-engineer Carl Schou claimed on Twitter that iPhones and iPads would no longer be able to join that network or any other networks in the future.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_call) June 18, 2021
It didn't take long for trolls to take advantage of the discovery:
The truth about the situation-
According to Schou, network failures do not always occur when an iOS device connects to a rogue SSID. He said, "It's nondeterministic, and occasionally you get lucky and the Wi-Fi daemon fails without persisting the SSID." Since at least iOS 14.4.2, which was published in March, and potentially for years before that, the issue has existed.When he linked an iPhone to one of his wireless routers, he detected the flaw, he said. Schou explained, "All of my gadgets are called after various injection techniques to mess with outdated devices that don't sanitise input." “As well as, presumably, the most recent iOS.”
The crash is triggered by an uncontrolled format string issue, according to experts. The issue occurs when erroneous user input is used as the format string parameter in some C and C-style methods. In rare instances, using format tokens like percent s and percent x can print data to memory. Initially, the issue was thought to be innocuous. Researchers have recently discovered that the % n format token may be used to write malicious malware.
The fact that this problem exists at all is the most unexpected aspect about it. For preventing these sorts of format string vulnerabilities, there are a variety of programming standards available. The real storey here is the failure of what is likely the world's most secure consumer operating system to effectively deploy these measures in 2021.
Thanks For Reading Upto Here! Please like our facebook page and feel free to ask anything related to tech down in the comments section.