October 27, 2023 at 06:32PM
Apple has fixed a bug in its Private Wi-Fi Address feature, which generates different MAC addresses for different Wi-Fi networks to avoid user tracking. The bug allowed the device’s real MAC address to be sent with the decoy address, even when connected to a VPN. The issue has been fixed with the release of iOS 17.1, iPadOS 17.1, and watchOS 10.1.
The meeting notes discuss Apple’s Private Wi-Fi Address feature and the bug that has prevented it from functioning properly since its introduction in iOS 14, iPadOS 14, and watchOS 7. The bug, identified as CVE-2023-42846, was discovered by Tommy Mysk and Talal Haj Bakry of Mysk Inc. The bug caused the device’s real MAC address to be sent in AirPlay discovery requests, even when connected to a VPN. Apple has patched this bug with the release of iOS 17.1, iPadOS 17.1, and watchOS 10.1. Users still on iOS 15 did not receive the fix.