iPhone and iPad Leaked MAC Addresses for Three Years Due to Privacy Bug
Recently, Apple released a patch for a vulnerability in iOS that allowed mobile devices to be tracked by their MAC address. The issue stemmed from a flawed implementation of a privacy feature introduced to iPhones three years ago.
This mechanism was designed to prevent such tracking and is enabled by default. When a device connects to a Wi-Fi network, it is supposed to hide its real MAC address by replacing it with a unique private address.
However, due to a coding error, the actual (permanent) MAC address was still being broadcast to all devices connected to the Wi-Fi network (via port 5353/UDP). It was simply written into a different field of the discovery request.
In a comment to Ars Technica, one of the researchers who discovered the issue, Tommy Mysk, noted that he tested all iOS releases from recent years and found the same problem in every version since iOS 14 (September 2020).
βThe feature was useless from the very beginning because of this bug,β the researcher lamented. βNeither VPNs nor Lockdown Mode could prevent these requests from being sent from devices.β
The patch for this vulnerability (CVE-2023-42846) is included in the iOS 17.1 and iPadOS 17.1 updates, which were released on October 25.