July 20, 2021

Security researchers investigating a bug that causes Wi-Fi services on iPhones to crash have discovered that it could be exploited for remote code execution without user interaction.

While security researcher Carl Schou first discovered a vulnerability that caused iPhone devices to lose their Wi-Fi connectivity after joining a network with the SSID “%p%s%s%s%s%n,” researchers at mobile security startup ZecOps explained that there is more to the bug than the reported Wi-Fi denial-of-service (DoS) effect.

The researchers found that the error can be triggered by a zero-click.

ZecOps says the problem is similar to a format-strings bug where the computer considers the input value as a formatting character rather than a character. This attack was dubbed as WiFiDemon.

However, the researchers recommended upgrading the phone to the latest OS version, as well as disabling the auto-join feature in the Wi-Fi settings to protect against WiFiDemon attacks.

Apple’s iOS 14.7 security updates are intended to address the reported issues.

For more information, read the original story in Bleeping Computer.