iOS 10.2.1 Fixes a Number of Bugs, Including the Contact Card Trick That Crashed iPhones

Author Photo
Jan 23, 2017
14Shares
Submit

Apple today released iOS 10.2.1 to the public after several weeks of internal and beta testing. Today’s update to iOS devices comes over a month after the release of iOS 10.2. However, it is a minor update, promising no major feature improvements. Apple said that the update includes bug fixes and security improvements.

The security page has now been updated showing a list of vulnerabilities in the WebKit, parsing of contact cards, logic issues, and kernel issues among others. The contact cards issue is likely linked to the bug that promised to crash your friends’ iOS devices. “Processing a maliciously crafted contact card may lead to unexpected application termination,” the bulletin reads. The issue has been addressed through improved input validation.

Related Trump’s iPhone Has Only One App Installed and We Wish It Wasn’t Twitter

We have shared the complete bulletin at the end of this post that lists all the security vulnerabilities – many of which lead to arbitrary code execution – that iOS 10.2.1 has fixed. Apple has also fixed a bug that could allow attackers to access the home screen on an activation-locked device.

An important security update, it is available for all iOS 10 users, including:

  • iPhone 5 and newer
  • Fourth-generation iPad and newer
  • iPad Mini 2 and newer
  • iPad Pros
  • Sixth-generation iPod Touch

iOS 10.2.1 is an over-the-air update available to all iOS 10 users. Users are recommended to install and download the update to get all the security patches released today. However, it may not be immediately available to all devices.

iOS 10.2.1 security bulletin

Auto Unlock

Related New Fitness Tracker Study Proves The Apple Watch To Be Most Accurate At Measuring Heart Rate

Impact: Auto Unlock may unlock when Apple Watch is off the user’s wrist

Description: A logic issue was addressed through improved state management.

Contacts

Impact: Processing a maliciously crafted contact card may lead to unexpected application termination

Description: An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

libarchive

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

WebKit

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A prototype access issue was addressed through improved exception handling.

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory initialization issue was addressed through improved memory handling.

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

WebKit

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.

WebKit

Impact: A malicious website can open popups

Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation.

WebKit

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of variable handling. This issue was addressed through improved validation.

WiFi

Impact: An activation-locked device can be manipulated to briefly present the home screen

Description: An issue existed with handling user input that caused a device to present the home screen even when activation locked. This was addressed through improved input validation.

Thanks for the tip, Jesse.

Submit