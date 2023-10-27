Three years ago, with the release of iOS 14, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones, iPads, Apple Watches, and Apple TVs when they joined a network. On Wednesday, the world learned that the feature has never worked as Apple had promised.

Dan Goodin for Ars Technica:

Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network. On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020. “From the get-go, this feature was useless because of this bug,” he said. “We couldn’t stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode.”

MacDailyNews Take: Yet another great reason to update to watchOS 10.1, tvOS 17.1, iOS 17.1, iPadOS 17.1, (and also iOS 16.7.2 and iPadOS 16.7.2 for older devices). More info:

