Apple just released an official iOS update (9.3.2) to users and we highly recommend everyone to install this latest iOS version due to the sheer number of security updates that it contains.
The main security updates in this iOS version include patching of the following vulnerabilities:
- A vulnerability that enables a person to access photos and contact information from the lock screen of someone’s phone, without unlocking the phone
- Kernel vulnerabilities (privilege escalation) – Multiple vulnerabilities were discovered in the iOS kernel. These vulnerabilities may allow apps to gain kernel privileges and “break out” of the iOS sandbox, making potential malicious apps a lot more dangerous.
- WebKit: multiple code execution vulnerabilities – Due to multiple vulnerabilities in the WebKit code (the layout engine powering Safari) malicious websites may execute code on a customer’s phone. If used in combination with one of the kernel vulnerabilities, this could allow an attacker to gain full control of a phone.
- Privileged network vulnerabilities: CFNetwork Proxies & MapKit – An attacker in a privileged network position may be able to leak sensitive information. This was fixed by enabling HTTPS for shared links and improved URL handling.
Learn more about the security content of iOS 9.3.2 on Apple’s website.