MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,480
15,198


Following the release of iPadOS 14.7 this morning, Apple has shared details on the security updates that are included in iOS 14.7, iPadOS 14.7, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7, all of which came out this week.

ios-wifi-settings.jpg

Notably, Apple's documentation confirms that the iOS 14.7 and iPadOS 14.7 updates address a WiFi-related vulnerability that could impact iOS devices when joining a malicious WiFi Network.
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution

Description: This issue was addressed with improved checks.
Back in June, a wireless networking naming bug was discovered, which could disable an iPhone or iPad's WiFi functionality. Joining a network named "%p%s%s%s%s%n" could, in some cases, permanently disable WiFi on a device, and in many other cases, it required resetting an iPhone entirely.

During the beta testing process, it was discovered that the bug was no longer functional, and Apple's notes make it clear that the issue has been addressed.

The iOS and iPadOS 14.7 updates also address a number of other security vulnerabilities related to audio files, Find My, PDFs, web images, and more, so all iPhone and iPad users should update to the new iOS 14.7 updates as soon as possible.

There are also security fixes in macOS Big Sur 11.5, tvOS 14.7, and watchOS 7.6. For Mac users who run older versions of macOS, Apple has released security updates for macOS Catalina and macOS Mojave.

Article Link: Apple Confirms iOS 14.7 Fixes WiFi Bug and Many Other Vulnerabilities
 

boswald

macrumors 6502a
Jul 21, 2016
571
666
Florida
I will do more research on my own, but I’d rather ask IT pros here first just in case I don’t understand what I’m reading. That said, is this Pegasus attack a hardware or software vulnerability?
 
  • Like
Reactions: peanuts_of_pathos

svenning

macrumors member
Mar 13, 2015
59
229
Los Angeles
Didn't fix the horrific battery life I've had on my iPhone 11 Pro since 14.6

Seems cellular related for me - if I turn off cellular and go Wi-Fi only, it can last two days!
Same here. Also noticed that my phone gets really hot just by doing simple tasks as mail or webbrowsing. Used to have 30% when I went to bed, after 14.6 it’s been 10% before 6pm
 

LV426

macrumors 65816
Jan 22, 2013
1,191
842
Does this fix the Pegasus iMessage hole?
No, it does not, since the particular attack vector is not known (and there may be multiple variants). It's suspected that security faults in iMessage are one obvious way into an iPhone.

You will notice that the large list of security fixes in this release include numerous references to font and image parsing vulnerabilities. Exactly the kinds of things that an attacker can send in an iMessage.

Apple are trying hard to fill in the cracks of iMessage. But it's worrying that iMessage is probably stuffed full of zero-day vulnerabilities. Professor Matthew Green of John Hopkins University goes so far as to say that iMessage probably needs to be completely rewritten from scratch using safe coding practises.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.