"Connecting to Malicious Wi-Fi Networks Can Mess With Your iPhone"
A bug has been discovered in iOS that disables Wi-Fi connectivity on iPhones when they join a network that uses the SSID "%p%s%s%s%s%n". Once a device connects to that Wi-Fi network, it loses the ability to join any network in the future. According to the reverse engineer Carl Schou, the bug is caused by the internal logging functionality in the iOS Wi-Fi daemon, which uses the SSID inside of format expressions. In some cases, this condition makes it possible for unauthorized format strings to be injected into sensitive parts of the Apple OS. Schou and other security experts have said that the bug is not likely to be exploited to execute malicious code.

Another analysis of the bug found that it stems from a flaw in an iOS logging component that uses the CONCAT function to convert the SSID string into a format string before it is written to the log file. Since the strings are not echoed to sensitive parts of iOS, a hacker will likely be unsuccessful in maliciously abusing the logging feature. In addition, exploitation of the bug would require a person to actively connect to a network with a suspicious-looking name. Researchers from the security firm AirEye reached a different assessment, finding that it is possible for this technique to be used to circumvent security appliances that sit at the perimeter of a network to block unauthorized data from entering or exiting.

This article continues to discuss the discovery and source of the iOS bug that causes a specific network name to disable Wi-Fi on iPhones.
Ars Technica reports "Connecting to Malicious Wi-Fi Networks Can Mess With Your iPhone"
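
The logging flaw summarized above comes down to a network name being parsed as a format string instead of being passed as data. The following C sketch is an added illustration, not Apple's code or code from the article; the function names and the "Joining network" message are assumptions made for the example. It shows the hardened logging form and a helper that flags SSIDs containing printf-style directives.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* an 802.11 SSID is at most 32 octets */

/* Vulnerable pattern, shown only as a comment and never compiled:
 *     strcpy(fmt, "Joining network "); strcat(fmt, ssid);
 *     snprintf(out, outlen, fmt);   // SSID bytes are parsed as directives
 */

/* Hardened form (hypothetical helper): the format is a constant literal and
 * the SSID is only an argument. The precision bounds the read, since an SSID
 * is a length-prefixed byte field and not guaranteed to be NUL-terminated. */
int log_ssid_safe(char *out, size_t outlen,
                  const unsigned char *ssid, size_t ssid_len)
{
    if (ssid_len > SSID_MAX)
        ssid_len = SSID_MAX;
    return snprintf(out, outlen, "Joining network \"%.*s\"",
                    (int)ssid_len, (const char *)ssid);
}

/* Audit helper (hypothetical): count '%' bytes that start a conversion
 * directive. "%%" is a literal percent sign and is not counted. */
int ssid_format_directives(const unsigned char *ssid, size_t len)
{
    int count = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        if (ssid[i] != '%')
            continue;
        if (ssid[i + 1] == '%') { i++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    const unsigned char ssid[] = "%p%s%s%s%s%n"; /* SSID quoted on this page */
    char line[128];
    log_ssid_safe(line, sizeof line, ssid, sizeof ssid - 1);
    printf("%s (directives: %d)\n", line,
           ssid_format_directives(ssid, sizeof ssid - 1));
    return 0;
}
```

With the literal format, the SSID is copied into the log line byte for byte and none of its `%` sequences are interpreted.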