iOS Security

27th July 2021, Kathmandu

iPhone owners around the world were recently warned that a seemingly harmless WiFi hack was not only potentially harmful but a real menace. That threat is now very real. Respected mobile security specialist ZecOps has revealed, in fresh research shared ahead of publication, that a severe “zero-click” bug was silently patched in iOS 14.4 (without a CVE). Furthermore, ZecOps’ research demonstrates that this vulnerability can be used to exploit the latest (headline-grabbing) iPhone WiFi bug.

This turns it from a relatively innocuous denial of service (DoS) threat into a local privilege escalation (LPE) and remote code execution (RCE) threat. The latter is a hacker’s ultimate goal, as it allows them to remotely control your iPhone. And Apple has yet to come up with a long-term solution. On July 21, Apple corrected this flaw in iOS 14.7, according to ZecOps, which conducted extensive testing.

“Format strings are going to remain a vulnerability class that is utilized for exploit development,” ZecOps CEO Zuk Avraham told me. “The main conclusion is that there are plenty of problems waiting to be identified, and we need to give device owners and security operations centers broader access to scan mobile devices.” In a nutshell, expect variations of this exploit to resurface. On July 23, in its official iOS 14.7 security notes, Apple verified the fix. After that, users were safe.

“A new WiFi vulnerability has surfaced in town. You undoubtedly noticed it but didn’t comprehend what it meant. The recently disclosed ‘non-dangerous’ WiFi bug is dangerous,” cautions Zuk Avraham, CEO of ZecOps. “As part of our investigation into this vulnerability, we discovered another silently patched format-strings vulnerability that allows an attacker to infect an iPhone or iPad running iOS 14.3 or earlier without requiring any interaction with an attacker.

“The term ‘0-click’ (or zero-click) refers to this style of attack. It is possible to exploit this issue, and the same technique may be used to exploit the current unpatched WiFi flaw in iOS 14.6.”

And this is where things start to go wrong. In its current state, according to ZecOps, a user on iOS 14.6 would have to join a WiFi network with specially crafted characters in its name (SSID) to be vulnerable, which is likely to arouse suspicion and limit prospective attacks.

“Our research team was able to design the network name in a way that does not expose the user to the odd characters, making it look like a valid, existing network name,” security experts AirEye said earlier this month.

In Apple’s defense, recent betas of iOS 14.7 suggest the company is working on a patch, but AirEye CTO Amichai Shulman warns that these airborne attacks are a “new and as-yet unexplored threat vector [and] given their covert nature, we’re certain to see more such attacks.”
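The format-string class named above, seen from the defender's side, as an added example that is not code from ZecOps, AirEye or Apple: a logging call with a constant format string, beside a check that flags SSIDs carrying printf-style conversion directives. The function names and sample SSIDs are constructed for illustration, and reading the "specially crafted characters" as printf-style directives is an assumption, since the article does not list them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if the SSID bytes contain a printf-style
 * conversion directive. "%%" is a literal percent sign and is allowed. */
int ssid_has_format_directive(const unsigned char *ssid, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%')
            continue;
        if (i + 1 < len && ssid[i + 1] == '%') {
            i++; /* skip the second '%' of an escaped pair */
            continue;
        }
        return 1; /* '%' starts a directive, or dangles at the end */
    }
    return 0;
}

/* Hardened logging (hypothetical name): the format string is a constant and
 * the SSID is passed only as data. The vulnerable form of this bug class
 * passes the SSID itself as the format argument. Returns -1 on bad length. */
int log_join_safe(char *out, size_t cap, const unsigned char *ssid, size_t len)
{
    if (len > 32) /* 802.11 SSIDs are at most 32 octets */
        return -1;
    return snprintf(out, cap, "joining network \"%.*s\"",
                    (int)len, (const char *)ssid);
}

int main(void)
{
    /* Constructed sample SSIDs, not taken from the article. */
    const char *samples[] = { "CoffeeShop", "Guest%sNet", "50%%off", "100% Free" };
    char line[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const unsigned char *s = (const unsigned char *)samples[i];
        size_t n = strlen(samples[i]);
        log_join_safe(line, sizeof line, s, n);
        printf("%-32s flagged=%d\n", line, ssid_has_format_directive(s, n));
    }
    return 0;
}
```

Because the SSID only ever reaches `snprintf` as an argument, a flagged name is logged verbatim instead of being interpreted.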

