The iOS 14.7 developer beta 5 contains a fix for a Wi-Fi bug that would disable Wi-Fi in a device connecting to an SSID with percent symbols in the name.
A security researcher discovered that a Wi-Fi hotspot name with percent symbols, like "%p%s%s%s%s%n", would disable an iOS device's Wi-Fi. The bug appears to have been fixed in the latest iOS betas.
YouTube channel Zollotech shared a video describing a few new changes to iOS 14.7 beta 5, one being a fix for the Wi-Fi bug.
Previously, the iPhone or iPad would attempt to connect to a network with a percent sign in the SSID, and fail. This bug has been fixed in the new developer beta, as well as in the iOS 15 developer beta.
One network name variant, "%secretclub%power" would disable Wi-Fi completely and render some devices unable to connect to Wi-Fi again. In those instances a factory reset of the device would fix the issue.
The original bug was believed to be an issue with input parsing, where the percentage sign could be misinterpreted by iOS as a string-format specifier, namely that characters following the symbol could be considered a variable or a command instead of plain text.
Presumably, Apple would deem this a high-priority fix, so expect iOS 14.7 to release in the coming days. Devices will install the update automatically once it becomes available.
Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too. If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
7 Comments
So any reports of this actually happening in the wild to an unsuspecting iPhone user just walking by? Glad it’s fixed, though.
I wouldn’t call this a critical bug, as only a few people might of been affected. I doubt anyone really changed their AP to these weird SSIDs. Anyone know if Android was affected? As others have pointed out, the bigger issue is why wasn’t this prevented in the first place? My is malformed texts, etc still an issue?
I’m expecting this bug to crop up again with a different string format.