An innocuous iPhone bug that could crash the WiFi service has turned out to be far worse than initially thought after mobile security firm ZecOps showed on Friday how the bug could be abused for remote code execution attacks.
Discovered last month by Danish security researcher Carl Schou, the bug could crash any up-to-date iPhone that connected to an access point or WiFi network with a name of %p%s%s%s%s%n.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
- Carl Schou (@vm_call), June 18, 2021
Since WiFi network names are written on disk in certain files, every time the iPhone tried to connect to a WiFi network, iOS would read those files and crash and reboot in a loop.
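The SSID above consists entirely of printf-style conversion specifiers, the signature of a format-string bug: the network name reaches a formatting function as the format rather than as data. The C code below is an added example, not Apple's or ZecOps' code; the function names and the log message are hypothetical. It shows the hardened logging pattern and a check that flags SSIDs carrying format directives.

```c
#include <stdio.h>
#include <string.h>

/* 1 if c is a non-NUL member of set (strchr alone would match the terminator). */
static int in_set(unsigned char c, const char *set) { return c && strchr(set, c) != NULL; }

/* Returns 1 if the SSID bytes contain a printf-style conversion such as
 * %p, %s, %n or %08x (plus %@ used by Apple's formatters); "%%" is literal. */
int ssid_has_format_directive(const unsigned char *ssid, size_t len)
{
    for (size_t i = 0; i + 1 < len; i++) {
        if (ssid[i] != '%') continue;
        if (ssid[i + 1] == '%') { i++; continue; }   /* escaped percent */
        size_t j = i + 1;                            /* skip flags/width/length */
        while (j < len && in_set(ssid[j], "-+ #0123456789.*hlLjzt$")) j++;
        if (j < len && in_set(ssid[j], "diouxXeEfFgGaAcspn@")) return 1;
    }
    return 0;
}

/* Hardened pattern: constant format string, SSID passed only as an argument.
 * Non-printable bytes (SSIDs are raw octets) are hex-escaped for the log. */
int format_ssid_log(char *out, size_t outsz, const unsigned char *ssid, size_t len)
{
    char safe[32 * 4 + 1];
    size_t k = 0;
    if (len > 32) len = 32;                 /* 802.11 SSIDs are at most 32 bytes */
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] >= 0x20 && ssid[i] < 0x7f)
            safe[k++] = (char)ssid[i];
        else
            k += (size_t)snprintf(safe + k, 5, "\\x%02x", (unsigned)ssid[i]);
    }
    safe[k] = '\0';
    /* Anti-pattern for contrast: snprintf(out, outsz, (const char *)ssid); */
    return snprintf(out, outsz, "joining network \"%s\"", safe);
}

int main(void)
{
    const char *ssid = "%p%s%s%s%s%n";      /* SSID quoted in the article */
    char line[192];
    format_ssid_log(line, sizeof line, (const unsigned char *)ssid, strlen(ssid));
    printf("%s (format directives: %d)\n", line,
           ssid_has_format_directive((const unsigned char *)ssid, strlen(ssid)));
    return 0;
}
```

The detection check is useful for triaging scan results or stored network lists; the actual fix is the constant format string, which makes the SSID's contents irrelevant to the formatter.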