Three years after Apple launched a menu setting known as Private Wi-Fi Address, a option to spoof community identifiers known as MAC addresses, the privateness safety could lastly work as marketed, due to a software program repair.

“To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a Media Access Control (MAC) address,” Apple explains in its documentation.

“If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device’s network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks.”

Private Wi-Fi Address goals to keep away from such monitoring by producing a special MAC deal with for every totally different Wi-Fi community.

But Apple’s identifier spoofing function hasn’t functioned correctly because it was launched for iOS 14, iPadOS 14, and watchOS 7 in September 2020 due a bug in mDNSResponder, a course of related to Apple’s Bonjour networking protocol.

The bug, CVE-2023-42846, was recognized by flaw finders Tommy Mysk and Talal Haj Bakry of Mysk Inc, which additionally makes varied iOS and macOS apps.

“Private Wi-Fi addresses have been useless ever since they were introduced in iOS 14,” they said in a Mastodon publish on Thursday. “When an iPhone joins a network, it sends multicast requests to discover AirPlay devices in the network. In these requests, iOS sends the device’s real Wi-Fi MAC address.”

The duo clarify that Apple’s software program replaces the machine’s precise MAC deal with within the information hyperlink layer with a generated MAC deal with. But till Apple repaired its code, the software program additionally handed the actual MAC deal with with the decoy in AirPlay discovery requests, even when linked to a VPN.

Bakry and Mysk decided this by utilizing the Wireshark community protocol analyzer, which revealed that the actual MAC deal with was being despatched within the Option Data: area, concatenated with the generated MAC deal with, as proven on this video.

Ironically, again in 2015, Apple resumed using mDNSResponder after its meant substitute, a daemon written in C++ known as discoveryd that was added a 12 months earlier as a part of OS X Yosemite, proved to be extra hassle than its C-based predecessor.

Apple didn’t reply to a request for remark. The firm patched the mDNSResponder bug on Wednesday with the discharge of iOS 17.1, iPadOS 17.1 and watchOS 10.1.

Users of iOS 16 and iPadOS 16 additionally obtained a repair, however these nonetheless clinging to iOS 15 didn’t. ®