Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they were online. However, Arstechnica reports that Apple devices still show their real addresses to all connected devices on the network.
MAC is a Wi-Fi media access control address, which can be used to track devices from network to network, much like using license plates to track individuals and vehicles as they move around a city. In 2013, a researcher announced a prototype device that could record the MAC address of all the devices it came into contact with.
A decade later, HTTPS encryption is standard, so it's generally not possible for people on the same network to monitor each other's traffic. But MAC addresses still offer plenty of tracking possibilities.
In 2020, Apple released iOS 14 with a feature that by default hides the MAC address when the iPhone connects to a network. Instead, the device displays a "private Wi-Fi address" as described by Apple, which will appear differently for each SSID.
Apple recently released iOS 17.1, which includes a patch for a vulnerability CVE-2023-42846 that prevents this security feature from working. One of the two security researchers who discovered and reported this vulnerability said that they tested all recent iPhone operating systems and discovered that this vulnerability existed since iOS 14, released in September 2020.
 When an iPhone or any device joins a network, it triggers a multicast message that is sent to all other devices on the network with the outgoing MAC address information. As of iOS 14, this value is different for each SSID by default. 
Although it was launched 3 years ago, the new Private Address feature is really useful on iOS 17.1
The researcher posted a short video showing a Mac using Wireshark to monitor traffic on the local network it's connected to. On iPhones running iOS prior to version 17.1, it shares its real MAC address over port 5353.
This feature is not useless, however, as it does prevent network sniffing programs. But the failure to strip the real MAC from port 5353/UDP means that anyone connecting to the network can get the unique identifier without any difficulty.
The security flaw has minimal impact on most iPhone and iPad users, but for those with strict privacy concerns, the fact that devices can't hide their MAC addresses for three years is a problem, especially since Apple explicitly promises that using the feature reduces tracking of users' iPhones across different Wi-Fi networks.
Source link



![[Photo] Prime Minister Pham Minh Chinh and United Nations Secretary-General Antonio Guterres attend the Press Conference of the Hanoi Convention Signing Ceremony](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/25/1761391413866_conguoctt-jpg.webp)
![[Photo] Prime Minister Pham Minh Chinh receives United Nations Secretary-General Antonio Guterres](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/25/1761390212729_dsc-1484-jpg.webp)
![[Photo] National Assembly Chairman Tran Thanh Man receives United Nations Secretary-General Antonio Guterres](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/25/1761390815792_ctqh-jpg.webp)


















![[Photo] General Secretary To Lam meets with General Secretary and President of Laos Thongloun Sisoulith](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/25/1761380913135_a1-bnd-4751-1374-7632-jpg.webp)






















































Comment (0)