Apple patched 12 specific vulnerabilities with the release of iOS 10.2. Some of them fall into the common categories of arbitrary code execution and denial of service attacks. More interesting is the amazing number of bugs that allowed unauthorized people to access the device or content on the device – see below.
As always, Skycure recommends updating to new OS versions as soon as possible to minimize the window of vulnerability during which hackers may take advantage of these patched security holes. With Skycure installed, users are notified as soon as an update is available, instead of waiting for the Apple notification, which may come days later.
Here is a quick summary of Apple’s latest patches:
Arbitrary code execution
- CVE-2016-4690: A malicious USB image capture device may exploit mishandling of validation to execute code
- CVE-2016-7626: A memory corruption in the handling of malicious certificate profiles may allow code execution
Denial of service
- CVE-2016-7665: Mishandling of a maliciously crafted video may lead to a denial of service
Unauthorized access to the device or its content
- CVE-2016-4689: S/MIME policy failure allowed an email signed with a revoked certificate to appear valid
- CVE-2016-7634: Accessibility services may speak a password that could be heard by someone nearby
- CVE-2016-7664: A person with physical access to the device may be able to access photos and contacts from the lockscreen
- CVE-2016-7651: Authorization settings may not get reset upon app uninstall
- CVE-2016-7638: Mishandling of authentication information may allow an attacker with an unlocked device to disable Find My iPhone
- CVE-2016-7601: An error in logic when handling the idle timer when the Touch ID prompt is shown may prevent the screen from locking
- CVE-2016-7653: A media handling validation issue may allow a user to view photos and contacts from the lockscreen
- CVE-2016-4781: A counter issue when handling passcode attempts may allow a person with physical access to a device to unlock it
- CVE-2016-7597: A cleanup issue with Siri Handoff may allow a person with physical access to a device to keep the device unlocked
Learn more about the security content of iOS 10.2 on Apple’s website.