A [researcher](<https://blog.chichou.me/2021/06/20/quick-analysis-wifid/>) has found a way to disable the WiFi functionality on iPhones by getting them to join a WiFi hotspot with a weird name.
This shouldn't be happening. The first thing you learn in coding school when it comes to input (which is literally any data a device has to do something with) is to _validate_ it. Well, maybe not the first thing, but if you want to practice secure coding it is one of the most important things: make sure that a hacker cannot abuse your application by feeding it something it can’t digest. Like a WiFi network name.
It is not the first time, by the way, that iPhones can be compromised by using a [format string vulnerability](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0646>). And I'm afraid it will not be the last.
### Let’s talk iPhone
iPhones are supposedly much more secure than Android devices, but as it turns out I can disconnect your secure iPhone from **any** WiFi by using a simple format string vulnerability. All I would have to do is make you connect to a specific WiFi hotspot.
The magical WiFi network name (SSID) for fritzing your phone is `%p%s%s%s%s%n` but since the underlying issue is almost certainly the fact that `%` is interpreted as a _string format specifier_, you can bet there are more possibilities to be found.
> After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~) [pic.twitter.com/2eue90JFu3](<https://t.co/2eue90JFu3>)
>
> -- Carl Schou (@vm_call) [June 18, 2021](<https://twitter.com/vm_call/status/1405937492642123782?ref_src=twsrc%5Etfw>)
### String format specifiers
In programming you sometimes have to build words and sentences you want to show the user using some information you know in advance, and some you don't. In C and C-style languages, _string format specifiers_ are used. They have a special meaning and are processed as variables or commands by the `printf` function.
A simple printf command might look like this:

    printf("Malwarebytes %n rules", &c);

In this example `%n` is a string format specifier that modifies the output. When the program prints the sentence "Malwarebytes %n rules" the `%n` will be replaced by the number of characters preceding it, so it will output:
`Malwarebytes 13 rules`
There are many other format specifiers that do different things. They look like a percentage sign followed by a single character that specifies the type of data, for example `%s` will be replaced by a string of characters, `%d` by a number (a decimal integer), `%p` by a pointer address and so on.
So you can see why a WiFi network called `%p%s%s%s%s%n` might cause problems. Apple's programmers should have ensured their code reads names like that as percent signs and letters, not as string format specifiers. It seems they didn't.
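Treating a network name as data rather than as a format string, as an added example in C (not code from the article or from Apple; the function names and the "Joining network: " message are assumptions). It also runs the `%n` snippet from above into a buffer: in standard C, `%n` emits no characters itself and instead stores the number of characters written so far (13 here) through the pointer argument, which is what makes an externally supplied format string able to write to memory.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32 /* maximum SSID length, as the article notes */

/* The article's %n snippet, written into a buffer so the result can be checked.
 * %n emits nothing; it stores the count of characters written so far in c. */
int percent_n_demo(char *out, size_t outsz)
{
    int c = -1;
    snprintf(out, outsz, "Malwarebytes %n rules", &c);
    return c;
}

#ifdef SHOW_VULNERABLE_FORM /* shown for comparison only; not compiled by default */
/* The message is built from the SSID and then handed to snprintf() as the
 * format argument, so every '%' in the network name is parsed as a directive
 * whose arguments were never supplied: undefined behaviour. */
int format_join_message_vulnerable(char *out, size_t outsz, const char *ssid)
{
    char fmt[64];
    snprintf(fmt, sizeof fmt, "Joining network: %s", ssid);
    return snprintf(out, outsz, fmt);
}
#endif

/* Hardened form: the format is a constant and the SSID is only an argument.
 * "%.*s" takes an explicit length, so the SSID buffer does not have to be
 * NUL-terminated and over-long input is rejected up front.
 * Returns the number of characters in the message, or -1 if the SSID is too long. */
int format_join_message(char *out, size_t outsz, const char *ssid, size_t ssid_len)
{
    if (ssid_len > SSID_MAX_LEN)
        return -1;
    return snprintf(out, outsz, "Joining network: %.*s", (int)ssid_len, ssid);
}

/* Test helper (hypothetical): counts '%' characters that would start a
 * directive if the text were ever used as a format ("%%" is a literal percent).
 * Useful for building test inputs for your own logging code. */
size_t count_format_introducers(const char *ssid, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%')
            continue;
        if (i + 1 < len && ssid[i + 1] == '%') {
            i++; /* skip the escaped percent sign */
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Sample names: the two quoted in the article plus one constructed benign name. */
    const char *samples[] = { "%p%s%s%s%s%n", "%secretclub%power", "CoffeeShop" };
    char buf[96];

    int stored = percent_n_demo(buf, sizeof buf);
    printf("\"%s\" (value stored by %%n: %d)\n", buf, stored);

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = strlen(samples[i]);
        format_join_message(buf, sizeof buf, samples[i], len);
        printf("%s  [%zu directive introducer(s)]\n", buf,
               count_format_introducers(samples[i], len));
    }
    return 0;
}
```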
### Seriousness
I can hear you thinking, so what? I would never join a WiFi hotspot with such a weird name. Well, maybe you wouldn’t, if you noticed that the name looks out of the ordinary. But anyone can spoof a well-known SSID, and your device will happily connect to it again if it has connected to an open SSID by that name before.
Other [research](<https://aireye.tech/2021/06/23/the-apple-format-string-bug-from-a-silly-prank-to-an-airborne-attack/>) has shown that the vulnerability is not restricted to the iOS operating system; it can potentially affect the macOS operating system as well. The same research team found a way to construct the network name in a way that does not expose the user to the weird characters, making it look like a legitimate, existing network name.
It is not impossible that researchers will find a way to construct SSID names that can lead to remote code execution (RCE) attacks. But this will probably turn out to be too complicated since you would be limited by the maximum length of an SSID (32 characters), the limited functionality of the string format specifier, and the memory location of the format string. The format string is located on the heap, which does not give the attacker control of the pointers on the stack. Which is not to say that this method could not be used in combination with other vulnerabilities.
### Recovery from testing
If you couldn’t resist testing this and now you want your WiFi options back, here is how to do it. You will have to reset your iPhone network settings (Settings > General > Reset > Reset Network Settings), which will erase all your WiFi passwords. This is not a permanent fix for the issue. Any time your device is affected by the issue, you will have to reset it again.
And don’t go overboard with your testing. As this researcher has found out, the reset does not work for every possible string.
> You can permanently disable any iOS device's WiFi by hosting a public WiFi named %secretclub%power
> Resetting network settings is not guaranteed to restore functionality. [#infosec](<https://twitter.com/hashtag/infosec?src=hash&ref_src=twsrc%5Etfw>) [#0day](<https://twitter.com/hashtag/0day?src=hash&ref_src=twsrc%5Etfw>)
>
> -- Carl Schou (@vm_call) [July 4, 2021](<https://twitter.com/vm_call/status/1411630091038203909?ref_src=twsrc%5Etfw>)
The post [How one word can disable an iPhone's WiFi functionality](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/how-one-word-can-disable-an-iphones-wifi/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).