An innocuous iPhone bug that could crash the WiFi service has turned out to be far worse than initially thought after mobile security firm ZecOps showed on Friday how the bug could be abused for remote code execution attacks.
Discovered last month by Danish security researcher Carl Schou, the bug could crash any up-to-date iPhone that connected to an access point or WiFi network with a name of %p%s%s%s%s%n.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)
Since WiFi network names are written on disk in certain files, every time the iPhone tried to connect to a WiFi network, iOS would read those files and crash and reboot in a loop.
Initially, the bug was considered a pretty big deal before iOS experts discovered that disabling WiFi and resetting iOS network settings would clear those local files of the problematic network name and allow users to use their WiFi feature again.
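The SSID quoted above consists entirely of printf-style conversion specifiers (`%p`, `%s`, `%n`), which cause trouble only when untrusted text is used as a format string rather than as an argument to one. The C sketch below is an added example, not code from the article, Apple or ZecOps; the function names `count_format_directives` and `log_ssid` are hypothetical. It flags such names and shows logging that treats the name strictly as data.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifications in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int count = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') {                    /* escaped percent, harmless */
            s++;
            continue;
        }
        s += strspn(s, "-+ #0");            /* flags */
        s += strspn(s, "0123456789*");      /* field width */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789*");  /* precision */
        s += strspn(s, "hlLqjzt");          /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;                        /* complete conversion found */
            s++;
        }
    }
    return count;
}

/* Hardened logging: the SSID is only ever an argument to a constant
 * format string, so any '%' in it is copied out verbatim.
 * The unsafe pattern would be snprintf(out, n, ssid). */
int log_ssid(char *out, size_t n, const char *ssid)
{
    return snprintf(out, n, "joining network \"%s\"", ssid);
}

int main(void)
{
    const char *ssid = "%p%s%s%s%s%n";      /* the SSID from the article */
    char line[128];
    log_ssid(line, sizeof line, ssid);
    printf("%s (%d directives)\n", line, count_format_directives(ssid));
    return 0;
}
```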