Apple just released the iOS 10.1 update. Those with Skycure installed would have been notified of this yesterday, as soon as it was first available. This allows for the minimum exposure time to unknown vulnerabilities, and all iOS users are encouraged to update as soon as possible.
With this update there are just a few significant security enhancements, including code execution, privilege escalation and memory disclosure. Here are some details on these fixes.
- A vulnerability in parsing JPEG images may lead to code execution. These kinds of attacks can originate from a malicious website, an MMS message or any other source including an attached image. (CVE-2016-4673)
- Webkit vulnerabilities may expose users visiting a maliciously crafted website to arbitrary code execution. (CVE-2016-4677)
- A vulnerability in libxpc may enable an attacker to execute code with root privileges. (CVE-2016-4675)
- A local user may be able to execute code in the kernel. (CVE-2016-4669)
- A Kernel memory disclosure vulnerability may help an attacker exploit vulnerabilities that are otherwise mitigated by the kernel’s security mechanisms. (CVE-2016-4680)
- A vulnerability in libarchive may allow an attacker to overwrite arbitrary files. (CVE-2016-4679)
Learn more about the security content of iOS 10.1 on Apple’s website.