iOS 17.1 finally resolves a three-year-old bug that may have comprised your privacy
As part of the iOS 17.1 update, Apple is introducing a fix for the iPhone’s Private Wi-Fi Address feature, finally allowing it to function as intended. Because it turns out that it no longer works properly since its introduction three years ago.
To give some background: Private Wi-Fi Address first appeared in 2020 on iOS 14. What it does is mask an iPhone’s Media Access Control (MAC) address with a different set of numbers when you connect to a Wi-Fi -Fi network. The real MAC address of your device is kept hidden so that potential attackers cannot track you. At least, that’s how it should work. Duo of cybersecurity experts Mysk recently published a YouTube video showing that it is possible for someone to find the actual MAC address if they know where to look.
Mysk explains that when an iPhone or iPad connects to a Wi-Fi network, it sends “multicast requests” to see if there are AirPlay devices nearby. If you have the technical know-how, you can find the address tucked away in Gate 5353. Obviously the video doesn’t provide instructions on how to do this, but it is possible. This error exists even if you have Lockdown Mode enabled because: Mysk told TechCrunchthat iPhones and iPads will continue to send these requests no matter what.
Better late than never
It took a while, but Apple eventually caught wind of the bug and fixed it. We recommend installing both iOS 17.1 and iPadOS 17.1 to ensure your devices have up-to-date security. The patch is available for iPhone XS and later models, the second generation iPad Pro 12.9-inch tablet, the third generation iPad Air, and the fifth generation iPad mini, to name a few. The full list can be found on Apple’s support website.
If you own a device running iOS 16, you can download iOS 16.7.2 or iPadOS 16.7.2 to receive the same fix. This extends the patch to slightly older hardware such as the iPhone 8. Unfortunately, Apple products running iOS 14 and 15 are still vulnerable. Apple has yet to upgrade the private WiFi address on older hardware. We contacted the company to ask if it has plans to extend the solution to older operating systems. This story will be updated if we hear back.
There have been no major incidents of bad actors using this bug to track people. But as a user you still want to be sure that your smartphone’s security software is not undermined in any way.
Several new features are part of the total package. If you’re interested in learning more, check out TechRadar’s rundown of the four biggest updates to iOS 17.1.