A strange iOS bug can force an iPhone to be reset

Earlier, some users found that if an iOS device connects to a Wi-Fi hotspot named %p%s%s%s%s%n, the iPhone's wireless network function is permanently disabled.

Even if the user restarts the device or the hotspot name is changed, Wi-Fi cannot reconnect. The only remedy is to reset the network settings through the system's built-in network reset function.

After the reset, you can connect to hotspots again and use them normally, and resetting the network settings does not have too serious an impact.

Researchers then discovered a similar vulnerability in iOS that is far more harmful, because it can break the system without the user actively connecting to anything.

With the new vulnerability, when iOS merely scans a hotspot named %secretclub%power, the wireless network function also crashes, and a network reset does not restore it.

9to5Mac offered a possible explanation for the weird bug:

The ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.
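The coding pattern that explanation points to, as an added C example that is not from the article, 9to5Mac or Apple's code: the weak call appears only as a comment, next to a hardened logger that treats the SSID purely as data and a helper that counts the format directives in a scanned name. The function names `log_ssid` and `count_format_directives` and the log text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* 802.11 SSIDs are at most 32 octets and need not be NUL-terminated */

/* Weak pattern, kept as a comment so it is never compiled or run:
 *     snprintf(out, outsz, ssid);   // untrusted SSID used as the format
 * Every '%' directive in the name is then acted on by snprintf.
 */

/* Hardened form: constant format string, SSID passed only as data. */
int log_ssid(char *out, size_t outsz, const unsigned char *ssid, size_t len)
{
    if (len > SSID_MAX)
        len = SSID_MAX;
    return snprintf(out, outsz, "scanned SSID: \"%.*s\"", (int)len, (const char *)ssid);
}

/* Triage helper: count the '%' directives a printf-style call would act on.
 * "%%" is a literal percent sign and is not counted. */
int count_format_directives(const unsigned char *ssid, size_t len)
{
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%')
            continue;
        if (i + 1 < len && ssid[i + 1] == '%') {
            i++; /* skip the escaped pair */
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* The two hotspot names from the article, plus a benign constructed one. */
    const char *names[] = { "%p%s%s%s%s%n", "%secretclub%power", "Cafe 100%% WiFi" };
    char line[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const unsigned char *s = (const unsigned char *)names[i];
        log_ssid(line, sizeof line, s, strlen(names[i]));
        printf("%s  directives=%d\n", line, count_format_directives(s, strlen(names[i])));
    }
    return 0;
}
```

With the constant format string, both hotspot names come out of the logger byte for byte, because snprintf never parses them.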

The most serious problem is that users do not need to connect to this hotspot. As long as the system scans it, the crash occurs, which pranksters may exploit.

The researchers who discovered this vulnerability tested it and found that once scanning this hotspot has crashed the wireless network, the only options are to restore or reinstall the entire system.

If the user has an earlier backup, the system can be restored from it. If there is no backup, reinstalling means that all applications and data will be lost.

At present, Apple has not responded to the vulnerabilities described above, but because the latter one does more damage, it should push Apple to release a new version as soon as possible.

If it is not fixed soon, a prankster can use his own router to create a hotspot with a similar name, which may cause a crash whenever other users pass by.

Via: theverge