Pixel Envy

Written by Nick Heer.

Analysis of the iOS SSID Format String Bug

Carl Schou on Twitter:

After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)

Zhi Zhou analyzed this bug:

For the exploitability, it doesn’t echo and the rest of the parameters don’t seem to be controllable. Thus I don’t think this case is exploitable. After all, to trigger this bug, you need to connect to that WiFi, where the SSID is visible to the victim. A phishing Wi-Fi portal page might as well be more effective.

Embarrassing — but, apparently, not dangerous.
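
For readers who want the bug class in concrete terms, here is an added example; it is not from the posts quoted above and not Apple's code. It assumes the SSID reaches a printf-style function as the format argument, and the function names `log_ssid_safe` and `count_format_specs` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment (assumed, not Apple's code):
 *     snprintf(out, cap, ssid);    // SSID bytes parsed as a format string
 * Hardened pattern: the format is a constant and the SSID is plain data.
 * An SSID is at most 32 raw bytes and need not be NUL-terminated, so the
 * length is passed explicitly through "%.*s". */
int log_ssid_safe(char *out, size_t cap, const char *ssid, size_t len)
{
    if (len > 32)
        len = 32;
    return snprintf(out, cap, "joined network \"%.*s\"", (int)len, ssid);
}

/* True when c is a non-NUL member of set (strchr alone matches NUL). */
static int in_set(char c, const char *set)
{
    return c != '\0' && strchr(set, c) != NULL;
}

/* Count printf conversion specifications in untrusted bytes, for auditing
 * or test corpora. Sets *has_n when a %n (write-to-memory) conversion is
 * present. "%%" is a literal percent sign and is not counted. */
int count_format_specs(const char *s, size_t len, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] != '%')
            continue;
        size_t j = i + 1;
        if (j < len && s[j] == '%') {   /* escaped percent */
            i = j;
            continue;
        }
        /* skip flags, width, precision, positional and length modifiers */
        while (j < len && in_set(s[j], "-+ #0123456789.*$hlLqjzt"))
            j++;
        if (j < len && in_set(s[j], "diouxXeEfFgGaAcspn")) {
            count++;
            if (s[j] == 'n')
                *has_n = 1;
            i = j;
        }
    }
    return count;
}
```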