Apple iOS/iPadOS17.1 Patch 3-Year Vulnerability: Will Expose Real MAC Addresses
IT Home reported on October 28th that Apple released the official version of iOS/iPadOS17.1 on October 26th,Fixed the 3-year-old "private Wi Fi address" defect, providing users with more comprehensive security protection
IT Home reported on October 28th that Apple released the official version of iOS/iPadOS17.1 on October 26th,Fixed the 3-year-old "private Wi Fi address" defect, providing users with more comprehensive security protection.
IT Home Note: To communicate with a wireless local area network, devices must use a unique network address to identify themselves on the network, which is called a Media Access Control (MAC) address.
If the device always uses the same wireless LAN MAC address on all networks, over time, network operators and other network observers can more easily associate this address with the device's network activity and location for some user tracking or analysis, and this applies to all devices on all wireless LANs.
Starting with iOS14, iPadOS14, and WatchOS7 launched in 2020, Apple introduced the "private address" feature to better protect privacy by using different MAC addresses in each wireless LAN.
However, experiments have shown that the "private address" function is somewhat "virtual". Two security experts, TommyMysk and TalalHaj, reported and discovered this vulnerability, with tracking numbers CVS-2023-42846, indicating that it can be traced back to iOS14 as early as possible.
When an iPhone or any other device joins the network, it triggers multicast messages sent to all other devices on the network. As needed, the message must include a MAC address, starting from iOS14. By default, the value of each SSID should be different.
Mysk has released a demonstration video using Wireshark packet sniffers to monitor traffic on the local network connected to Mac addresses.
After adding iPhones running versions prior to iOS 17.1, the real Wi Fi MAC address can still be seen on the 5353/UDP port.
For most iPhone and iPad users, even if there is an impact, the impact may be minimal. But for those with strict privacy threat models, the inability of these devices to hide their real MAC addresses for three years may be a real problem.
Tag: Apple iOS iPadOS17.1 Patch 3-Year Vulnerability Will Expose Real
Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.
