Despite the privacy function, iPhones exposed unique MAC addresses of users


For years, iPhones have exposed users’ unique MAC addresses on Wi-Fi networks. Apple introduced a feature three years ago that was meant to hide the MAC addresses, but the devices showed them anyway. MAC addresses can be used to track users.

The bug, tracked as CVE-2023-42846, was discovered by security researchers Tommy Mysk and Talal Haj Bakry. They found that Apple’s Private Wi-Fi Addresses feature has been exposing the real MAC address of iPhones since its release, even though the feature is supposed to generate a random address for every Wi-Fi network the iPhone connects to.

When an iPhone connects to a Wi-Fi network, the phone automatically sends a multicast request to find AirPlay devices on that network. That request should also include the MAC address. At first glance, the real address is replaced by a randomly generated variant, as is intended with Apple’s privacy feature. However, the two researchers discovered that the real MAC address still appears later in the multicast request, together with the fake address. Mysk demonstrates the vulnerability in a YouTube video in which he uses the Wireshark software to reveal the unique MAC address of an iPhone on his network.
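The check below is an added example, not code from the researchers or from Apple: it tests a captured Ethernet frame for the condition described above, a randomized (locally administered) source address alongside the device's hardware MAC in the payload. Both MAC addresses, the sample frames, and the set of payload encodings searched are constructed assumptions, since the article does not say how the address is encoded in the request.

```python
"""Check a captured Ethernet frame for a hardware MAC leaking in its payload."""

HARDWARE_MAC = "00:11:22:aa:bb:cc"  # constructed: the test device's real MAC
PRIVATE_MAC = "02:11:22:33:44:55"   # constructed: per-network random address

def parse_mac(text: str) -> bytes:
    digits = text.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def is_locally_administered(mac: bytes) -> bool:
    # Bit 0x02 of the first octet is set on locally administered addresses,
    # the range that randomized addresses are drawn from.
    return bool(mac[0] & 0x02)

def find_leaks(frame: bytes, hardware_mac: str) -> dict:
    """Report the source-address type and payload offsets of the hardware MAC."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    hw = parse_mac(hardware_mac)
    src, payload = frame[6:12], frame[14:]
    pairs = [hw.hex()[i:i + 2] for i in range(0, 12, 2)]
    # Assumed encodings: the article does not say how the address is carried.
    needles = {
        "raw": hw,
        "colon": ":".join(pairs).encode(),
        "hyphen": "-".join(pairs).encode(),
        "hex": "".join(pairs).encode(),
    }
    text = payload.lower()  # text forms are matched case-insensitively
    hits = {}
    for name, needle in needles.items():
        pos = (payload if name == "raw" else text).find(needle)
        if pos != -1:
            hits[name] = pos
    return {"source_is_private": is_locally_administered(src) and src != hw,
            "source_is_hardware": src == hw,
            "payload_hits": hits}

def build_sample(body: bytes) -> bytes:
    """Constructed multicast frame: dst, randomized src, IPv4 ethertype, body."""
    return parse_mac("01:00:5e:00:00:fb") + parse_mac(PRIVATE_MAC) + b"\x08\x00" + body

if __name__ == "__main__":
    leaky = build_sample(b"constructed-payload" + parse_mac(HARDWARE_MAC))
    print(find_leaks(leaky, HARDWARE_MAC))
    print(find_leaks(build_sample(b"constructed-payload"), HARDWARE_MAC))
```

A frame with `source_is_private` true and a non-empty `payload_hits` matches the behaviour the researchers describe; after the fix, the same test device should produce no payload hits.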

Apple introduced its Private Wi-Fi Addresses feature in 2020 as part of iOS 14. The feature is intended to hide the MAC address of an iPhone. Instead, a random address is generated for each Wi-Fi network the iPhone is connected to. Changing the MAC address for each network should prevent network administrators or other observers from tracking or profiling the user, according to Apple’s explanation.

The security vulnerability was shared with Apple at the end of July. Apple has now patched the bug as part of iOS 17.1, which was released last Wednesday.