Critical Wi-Fi bug fixed in iOS 14.7 developer beta 5

Posted:
in iOS
The iOS 14.7 developer beta 5 contains a fix for a Wi-Fi bug that would disable Wi-Fi in a device connecting to an SSID with percent symbols in the name.

Percent symbol bug fixed in iOS 14.7 developer beta 5
Percent symbol bug fixed in iOS 14.7 developer beta 5


A security researcher discovered that a Wi-Fi hotspot name with percent symbols, like "%p%s%s%s%s%n", would disable an iOS device's Wi-Fi. The bug appears to have been fixed in the latest iOS betas.

YouTube channel Zollotech shared a video describing a few new changes to iOS 14.7 beta 5, one being a fix for the Wi-Fi bug.

Previously, the iPhone or iPad would attempt to connect to a network with a percent sign in the SSID, and fail. This bug has been fixed in the new developer beta, as well as in the iOS 15 developer beta.

One network name variant, "%secretclub%power" would disable Wi-Fi completely and render some devices unable to connect to Wi-Fi again. In those instances a factory reset of the device would fix the issue.

The original bug was believed to be an issue with input parsing, where the percentage sign could be misinterpreted by iOS as a string-format specifier, namely that characters following the symbol could be considered a variable or a command instead of plain text.

Presumably, Apple would deem this a high-priority fix, so expect iOS 14.7 to release in the coming days. Devices will install the update automatically once it becomes available.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
dewme

Comments

  • Reply 1 of 7
    lkrupplkrupp Posts: 10,557member
    So any reports of this actually happening in the wild to an unsuspecting iPhone user just walking by? Glad it’s fixed, though.
    Fidonet127
  • Reply 2 of 7
    I wouldn’t call this a critical bug, as only a few people might of been affected. I doubt anyone really changed their AP to these weird SSIDs. Anyone know if Android was affected? As others have pointed out, the bigger issue is why wasn’t this prevented in the first place? My is malformed texts, etc still an issue?
  • Reply 3 of 7
    chadbagchadbag Posts: 1,999member
    Devices will install the update automatically once it becomes available.

    actually, NO.   This does not automatically happen unless you’ve set your phone to do so (automatically update). 


  • Reply 4 of 7
    chadbagchadbag Posts: 1,999member
    Anyone know if Android was affected? As others have pointed out, the bigger issue is why wasn’t this prevented in the first place? My is malformed texts, etc still an issue?
    If Android had the same problem it would probably be a huge coincidence.  As iOS is probably predominantly ObjC code (at least in existing core functionality), there was probably some sort of code in there similar to this example code

    [ssidString appendString:@“some sort of format string %d %@“]
    [NSString stringWithFormat:ssidString, someNumber, someObject]

    Ie, they built a format string using the SSID selected and then built another string using their new format string.  The new string being some sort of data they needed with the SSID included. My example just used random format codes as an example.  Without sanitizing the input SSID string in the first line, removing anything that might look like a fornat specifier , the second line would try and replace those format specifiers with the input that the code assumed was being used by Apple’s  added format specifiers, but really were being used on the ones inside the SSID. This would throw an exception — if the types happened to line up then one about not enough input to format.  If the types didn’t line up then maybe an exception about improper types or just a crash as data is misinterpreted.  
    Fidonet127FileMakerFeller
  • Reply 5 of 7
    Rayz2016Rayz2016 Posts: 6,957member
    I’m expecting this bug to crop up again with a different string format. 
  • Reply 6 of 7
    chadbagchadbag Posts: 1,999member
    Rayz2016 said:
    I’m expecting this bug to crop up again with a different string format. 
    If so then the engineers at Apple in this group should be fired, as the normal fix would be to sanitize and remove (or make a literal using %%) ANY format specifier characters from the SSID string.   So any format characters would be fixed, not just these specific ones that were in the news. 
    Fidonet127FileMakerFeller
  • Reply 7 of 7
    MplsPMplsP Posts: 3,911member
    I wouldn’t call this a critical bug, as only a few people might of been affected. I doubt anyone really changed their AP to these weird SSIDs. Anyone know if Android was affected? As others have pointed out, the bigger issue is why wasn’t this prevented in the first place? My is malformed texts, etc still an issue?
    agreed - an annoyance, yes, but not really critical or dangerous.
Sign In or Register to comment.