A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. A vulnerability in Apple iOS opens the door to remote code execution, researchers found. The bug, dubbed WiFiDemon, would allow an attacker to take over the phone, install malware and steal data. It s expected to be patched in the next week or so, according to some sources. Apple hasn t issued a patch for the RCE part of the bug.
Source: https://threatpost.com/unpatched-iphone-bug-remote-takeover/167922/