HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Topics » Computers & Internet » Computer Help and Support (Group) » Unpatched iPhone Bug Allo...

Tue Jul 27, 2021, 02:44 PM

Unpatched iPhone Bug Allows Remote Device Takeover

Amazing. It sounds like an old-fashioned sprintf() style bug with unchecked parameters, if that's not too dated a reference these days.

Summary: A Wifi router with the SSID "%p%s%s%s%s%n" can take over your phone if you connect to it (automatically or otherwise)

A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected.

A vulnerability in Apple iOS opens the door to remote code execution (RCE), researchers found. The assessment is a revision from a previous understanding of the flaw that viewed it as a low-risk (and somewhat wacky) denial-of-service (DoS) problem affecting iPhone’s Wi-Fi feature.

The original DoS issue is a string-format bug discovered by researcher Carl Schou, who found that connecting to an access point with the SSID “%p%s%s%s%s%n” would disable a device’s Wi-Fi.”

https://threatpost.com/unpatched-iphone-bug-remote-takeover/167922/

1 replies, 533 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 1 replies Author Time Post
Reply Unpatched iPhone Bug Allows Remote Device Takeover (Original post)
Ron Obvious Jul 27 OP
Sunlei Jul 29 #1

Response to Ron Obvious (Original post)

Thu Jul 29, 2021, 12:29 PM

1. turn off 'auto join'. Always connect and disconnect your wifi manually.

personally I don't ever use my iPhone for any banking or important account work, but that's just me

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread