The recent bug tracked as CVE-2021-30800 is no longer just a denial of service: it has now been shown to be a real remote code execution.
I know that many users don't like installing updates. That is a really bad practice, especially in a business environment, yet even there a lot of iOS users postpone new versions of the operating system, and with them the newest vulnerability patches.
Now we have a great example of why keeping up with updates is critical.
Older devices such as the iPhone 5s are still on iOS 12.x, which is not vulnerable to the zero-click variant of this bug.
If you are on one of those older iOS versions, you are most likely not affected.
For everybody else, the original research on the ZecOps blog showed that the bug (which should carry the name CVE-2021-30800) leads to remote code execution and is therefore a highly critical vulnerability for all affected users.
Upon connecting to a specially crafted wireless access point, malicious code can be injected and executed with the highest privileges on the device, letting the attacker do whatever they want.
Even though such a malicious SSID will most likely look suspicious on its own, it cannot be excluded that an access point with a trustworthy-looking name is masquerading as a legitimate one.
The case has been assigned CVE-2021-30800, but it still seems to be under investigation: there is no data on it in the CVE database and the entry only has the status RESERVED.
The initial bug was discovered by security researcher Carl Schou, who ran into problems after connecting to his personal Wi-Fi hotspot, whose SSID was “%p%s%s%s%s%n”.
Based on this finding, another researcher, Chi Chou, replicated the issue, but his conclusion was less alarming:
“For the exploitability, it doesn't echo, and the rest of the parameters don't seem to be controllable. Thus I don't think this case is exploitable.”
It took about a month to escalate the issue and prove that the case is much more than just rendering the device unresponsive until its network settings are reset.
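The mechanics behind the SSID payload above, as an added example written for this post (not code from ZecOps, Carl Schou or Apple): a small C model of the vulnerable pattern, where the network name is used directly as a printf-style format string, next to the one-line fix and a defensive check that rejects SSIDs containing conversion specifiers before they reach any logging sink. The logger, the function names and the sample SSIDs are assumptions for illustration; the real wifid code path on iOS is not shown.

```c
/* Added example modelling the class of bug behind CVE-2021-30800.
 * Not ZecOps', Carl Schou's or Apple's code; the logger below is a
 * stand-in (assumption) for whatever printf-family sink iOS used. */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* A printf-style logger without a format attribute, so the compiler
 * cannot warn when a caller hands attacker data over as the format. */
static int log_message(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE pattern: the SSID itself becomes the format string.
 * With "%p%s%s%s%s%n" every %s dereferences whatever sits in the
 * variadic argument slots (the crash users saw) and %n writes the
 * count of emitted bytes through one of them (a write primitive).
 * In this demo it is only ever called with a benign SSID. */
static int unsafe_log_ssid(char *out, size_t out_len, const char *ssid)
{
    return log_message(out, out_len, ssid);
}

/* FIXED: the SSID is passed as an argument and printed literally. */
static int safe_log_ssid(char *out, size_t out_len, const char *ssid)
{
    return log_message(out, out_len, "joining network: %s", ssid);
}

/* Defense in depth for untrusted names: count printf conversions in an
 * SSID and flag %n. "%%" is an escaped percent, not a conversion.
 * Returns the number of conversions; *has_n_write is set if any is %n. */
static int count_format_conversions(const char *ssid, bool *has_n_write)
{
    int conversions = 0;
    *has_n_write = false;
    for (const char *p = ssid; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* literal percent sign */
            p++;
            continue;
        }
        const char *q = p + 1;      /* skip flags, width, precision, length */
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q))
            q++;
        if (*q == '\0')
            break;                  /* dangling '%' at end of name */
        conversions++;
        if (*q == 'n')
            *has_n_write = true;
        p = q;
    }
    return conversions;
}

/* Policy an SSID must pass before it is allowed near a format sink. */
static bool ssid_is_suspicious(const char *ssid)
{
    bool has_n = false;
    return count_format_conversions(ssid, &has_n) > 0;
}

int main(void)
{
    /* Constructed sample SSIDs: the reported payload and a benign name. */
    const char *payload = "%p%s%s%s%s%n";
    const char *benign = "CoffeeShop Guest";
    char out[128];
    bool has_n = false;

    int n = count_format_conversions(payload, &has_n);
    printf("%s: %d conversions, %%n write: %s\n",
           payload, n, has_n ? "yes" : "no");

    safe_log_ssid(out, sizeof out, payload);
    printf("safe logger: %s\n", out);           /* name printed literally */

    unsafe_log_ssid(out, sizeof out, benign);   /* no conversions, so harmless */
    printf("unsafe logger with benign SSID: %s\n", out);
    return 0;
}
```

Note the asymmetry that matters for the "it doesn't echo" argument: a format string bug needs no visible output to be dangerous, because %n writes to memory whether or not anybody sees the log line. The counting check is a stopgap for names that must be displayed; the real fix is the one in safe_log_ssid, never letting untrusted data become the format.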
There are basically only a few recommendations everybody should adhere to, and they drastically reduce the threat landscape:
Stay tuned and watch around!