As part of the iOS 17.1 update, Apple is rolling out a fix for the iPhone’s Private Wi-Fi Address feature, finally allowing it to function as intended. Because as it turns out, it hasn’t been working properly ever since it was introduced three years ago.
To give some background, Private Wi-Fi Address first appeared back in 2020 on iOS 14. What it does is mask an iPhone’s Media Access Control (MAC) address with a different set of numbers whenever you connect to a Wi-Fi network. Your device’s real MAC address is kept hidden so any potential bad actors won’t be able to track you. At least, that’s how it was supposed to work. Cybersecurity expert duo Mysk recently published a YouTube video revealing it is possible for someone to find the actual MAC address if they know where to look.
Mysk explains that whenever an iPhone or iPad connects to a Wi-Fi network, it proceeds to send out “multicast requests” to see if there are any AirPlay devices in the nearby area. If you have the technical know-how, you can find the address tucked away in Port 5353. Obviously, the video doesn’t provide any instructions on how to do this, however it is possible. This flaw exists even if you have Lockdown Mode enabled as, Mysk told TechCrunch, that iPhones and iPads will continue to send out those requests regardless.
Better late than never
It took a while, but Apple eventually caught wind of the flaw and fixed it. We recommend installing iOS 17.1 as well as iPadOS 17.1 to make sure your devices have up-to-date security. The patch is available for iPhone XS and later models, the second-generation iPad Pro 12.9-inch tablet, the third-generation iPad Air, plus the fifth-gen iPad mini just to name a few. The full list can be found on Apple’s support website.
If you own a device running iOS 16, you can download iOS 16.7.2 or iPadOS 16.7.2 to receive the same fix. This expands the patch to slightly older hardware like the iPhone 8. Unfortunately, Apple products running iOS 14 and 15 are still vulnerable. Apple has yet to upgrade Private Wi-Fi Address on older hardware. We reached out to the company asking if it has plans to expand the fix to older operating systems. This story will be updated if we hear back.
There haven’t been any major incidents revolving around bad actors using this bug to follow people. But still, as a user, you want to make sure your smartphone’s security software isn’t undermined in any way.
Several new features are a part of the overall package. If you want to know more, check out TechRadar’s breakdown of the four biggest updates found on iOS 17.1.