Image Credits: David Paul Morris/Bloomberg / Getty Images
Apple has fixed a years-old vulnerability in its iPhone and iPad software that undermined a privacy feature since it first debuted.
Back in 2020, Apple announced a new feature in iOS 14 that would prevent nearby wireless routers and access points from gathering an Apple device's unique MAC address.
Tracking MAC addresses can have legitimate uses, like allowing administrators to identify every device connected to their networks, such as unauthorized equipment. But knowing a device's MAC address can be used for tracking that device across different networks.
Rather than sharing the device's unique MAC address, the iOS feature would use a different "private address" for each network.
But it turns out that this feature hasn't worked as intended since it was first introduced, according to security researchers Tommy Mysk and Talal Haj Bakry, who discovered a flaw that prevented the privacy feature from properly working.
In a video published this week, Mysk explained that while iOS has replaced the device's real MAC address with a randomly generated address for each network, the device's software also included the real MAC address in the AirPlay discovery requests that an iPhone sends when it joins a network. These real MAC addresses were then broadcast to every other connected device on the network.
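A defender who knows a device's hardware MAC can check a packet capture for the leak described above. The following is an added example, not code from Mysk, Apple or the original article; the capture format, the sample addresses and the payload layout (including the `id=` field) are assumptions constructed for illustration.

```python
import re

# MAC written as text with ':' or '-' separators, e.g. "00:11:22:33:44:55".
MAC_TEXT = re.compile(
    rb"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])")

def parse_mac(text: str) -> bytes:
    """'00:11:22:33:44:55' or '00-11-...' -> 6 raw bytes."""
    raw = bytes.fromhex(re.sub(r"[:-]", "", text))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw

def is_private(mac: bytes) -> bool:
    """Randomized addresses are locally administered: bit 0x02 of octet 0 is set."""
    return bool(mac[0] & 0x02)

def payload_has_mac(payload: bytes, mac: bytes) -> bool:
    """True if `mac` occurs as raw bytes, bare hex, or separated text."""
    if mac in payload or mac.hex().encode() in payload.lower():
        return True
    return any(parse_mac(m.group().decode()) == mac
               for m in MAC_TEXT.finditer(payload))

def audit(frames, hardware_mac: str) -> list:
    """frames: iterable of (source MAC text, payload bytes).
    Returns indexes of frames sent from a private address whose payload
    still carries the hardware MAC, i.e. the leak the article describes."""
    hw = parse_mac(hardware_mac)
    return [i for i, (src, payload) in enumerate(frames)
            if is_private(parse_mac(src)) and payload_has_mac(payload, hw)]

# Constructed sample capture: addresses and payload layout are made up.
HW = "00:11:22:33:44:55"  # hardware MAC (octet 0 is 0x00, so bit 0x02 is clear)
FRAMES = [
    ("de:ad:be:00:00:01", b"discovery id=00:11:22:33:44:55 flags=0"),  # leak, text
    ("de:ad:be:00:00:01", b"discovery id=DE:AD:BE:00:00:01 flags=0"),  # clean
    ("de:ad:be:00:00:01", b"\x00\x01" + bytes.fromhex("001122334455")),  # leak, raw
    (HW, b"discovery id=00:11:22:33:44:55"),  # private address off: out of scope
]

if __name__ == "__main__":
    print(audit(FRAMES, HW))
```
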
“There is no way to forbid iPhones and iPads from sending AirPlay discovery requests, even when connected to a VPN,” Mysk said. “Apple’s devices do this to find AirPlay-capable devices in the network.”
Mysk confirmed to TechCrunch that iPhones and iPads keep sending these requests even when the user enabled Lockdown Mode, an opt-in feature designed to protect against highly targeted cyberattacks.
Mysk said he first discovered this issue in July, and submitted a security report to Apple on July 25. Mysk told TechCrunch that communication with Apple presented a “major obstruction,” saying that the tech giant was unable to replicate the “straight” issue until October 3, when he was notified that a fix was available to be tested.
Apple this week fixed the vulnerability, tracked as CVE-2023-42846, with the release of iOS 17.1 and iOS 16.7.2 for older devices that can run iOS 16. As Mysk notes, devices running iOS 14 or iOS 15 remain vulnerable.
Apple has not disclosed the severity of the bug, but Mysk notes that the vulnerability severity scoring system classifies the vulnerability as “high.”
Apple spokesperson Scott Radcliffe declined to answer TechCrunch’s questions.
Apple this week fixed several other vulnerabilities with iOS 17.1, including a flaw that may have allowed an attacker to access passkeys without authentication, and a Siri bug that could have exposed sensitive data to a hacker with physical access to a device.