Critical Wi-Fi bug fixed in iOS 14.7 developer beta 5

The iOS 14.7 developer beta 5 contains a fix for a Wi-Fi bug that would disable Wi-Fi in a device connecting to an SSID with percent symbols in the name.

A security researcher discovered that a Wi-Fi hotspot name with percent symbols, like "%p%s%s%s%s%n", would disable an iOS device's Wi-Fi. The bug appears to have been fixed in the latest iOS betas.

YouTube channel Zollotech shared a video describing a few new changes to iOS 14.7 beta 5, one being a fix for the Wi-Fi bug.

Previously, the iPhone or iPad would attempt to connect to a network with a percent sign in the SSID, and fail. This bug has been fixed in the new developer beta, as well as in the iOS 15 developer beta.

One network name variant, "%secretclub%power" would disable Wi-Fi completely and render some devices unable to connect to Wi-Fi again. In those instances a factory reset of the device would fix the issue.

The original bug was believed to be an issue with input parsing, where the percentage sign could be misinterpreted by iOS as a string-format specifier, namely that characters following the symbol could be considered a variable or a command instead of plain text.

Presumably, Apple would deem this a high-priority fix, so expect iOS 14.7 to release in the coming days. Devices will install the update automatically once it becomes available.

Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.

If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

7 Comments

lkrupp 19 Years · 10521 comments

About 3 years ago

So any reports of this actually happening in the wild to an unsuspecting iPhone user just walking by? Glad it’s fixed, though.

Fidonet127 5 Years · 598 comments

I wouldn’t call this a critical bug, as only a few people might of been affected. I doubt anyone really changed their AP to these weird SSIDs. Anyone know if Android was affected? As others have pointed out, the bigger issue is why wasn’t this prevented in the first place? My is malformed texts, etc still an issue?

chadbag 13 Years · 2029 comments

Devices will install the update automatically once it becomes available.
actually, NO. This does not automatically happen unless you’ve set your phone to do so (automatically update).

Fidonet127 said:

Anyone know if Android was affected? As others have pointed out, the bigger issue is why wasn’t this prevented in the first place? My is malformed texts, etc still an issue?

If Android had the same problem it would probably be a huge coincidence. As iOS is probably predominantly ObjC code (at least in existing core functionality), there was probably some sort of code in there similar to this example code
[ssidString appendString:@“some sort of format string %d %@“]
[NSString stringWithFormat:ssidString, someNumber, someObject]
Ie, they built a format string using the SSID selected and then built another string using their new format string. The new string being some sort of data they needed with the SSID included. My example just used random format codes as an example. Without sanitizing the input SSID string in the first line, removing anything that might look like a fornat specifier , the second line would try and replace those format specifiers with the input that the code assumed was being used by Apple’s added format specifiers, but really were being used on the ones inside the SSID. This would throw an exception — if the types happened to line up then one about not enough input to format. If the types didn’t line up then maybe an exception about improper types or just a crash as data is misinterpreted.