iPhone leaked its MAC address for three years due to a defective privacy feature

Carding 4 Carders

Apple recently released a patch for an iOS vulnerability that allows mobile devices to be tracked by MAC address. The problem stems from an incorrect implementation of a privacy feature that appeared on the iPhone three years ago.

This mechanism is designed to prevent such surveillance and is active by default. When a device connects to a Wi-Fi network, the feature is supposed to hide the real MAC by replacing it with a unique private address.

As it turned out, because of an error in the code, the real (permanent) MAC address is still broadcast to all devices connected to the Wi-Fi network (port 5353/UDP): it is simply written into a different field of the discovery request.

In a comment to Ars Technica, Tommy Mysk, one of the researchers behind the unpleasant find, noted that he tested all iOS releases of recent years and found the same problem in every one, starting with version 14 (September 2020).

"The function was useless from the very beginning because of a bug," the researcher laments. "Neither a VPN nor the blocking mode could stop devices from sending such requests."

The patch for this vulnerability (CVE-2023-42846) is included in the iOS 17.1 and iPadOS 17.1 updates released on October 25.
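To confirm on your own network that a device no longer exposes its permanent address, a capture of its 5353/UDP traffic can be checked as in the following added example (not from the article or from the researchers). It assumes the address appears in the payload as text, which the article does not specify; the `field=` name and all sample bytes are constructed.

```python
import re

# A MAC written as text, e.g. "a4:83:e7:12:34:56" or "A4-83-E7-12-34-56".
MAC_TEXT = re.compile(
    rb"(?<![0-9A-Fa-f:-])((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})(?![0-9A-Fa-f:-])"
)


def normalize(mac):
    """Return a MAC as lowercase, colon-separated text."""
    if isinstance(mac, bytes):
        mac = mac.decode("ascii")
    return mac.lower().replace("-", ":")


def is_private(mac):
    """True if the locally administered bit (0x02 of the first octet) is set,
    which is how randomized/private Wi-Fi addresses are marked."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)


def leaked_macs(frame_src_mac, udp_payload):
    """Return globally unique MACs found as text in the payload that differ
    from the address the frame was actually sent from."""
    src = normalize(frame_src_mac)
    found = []
    for match in MAC_TEXT.finditer(udp_payload):
        mac = normalize(match.group(1))
        if mac != src and not is_private(mac) and mac not in found:
            found.append(mac)
    return found


# Constructed samples, not real captures. "field=" is a hypothetical field name.
SRC = "7a:11:22:33:44:55"  # private address: 0x7a has the 0x02 bit set
VULNERABLE = b"\x00\x00\x00\x01discovery field=A4:83:E7:12:34:56\x00"
PATCHED = b"\x00\x00\x00\x01discovery field=7a:11:22:33:44:55\x00"

if __name__ == "__main__":
    print("vulnerable sample:", leaked_macs(SRC, VULNERABLE))
    print("patched sample:   ", leaked_macs(SRC, PATCHED))
```

An empty result on traffic captured after updating to iOS 17.1 is the expected outcome; a non-empty one means a globally unique address is still visible to other hosts on the network.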
