iOS 10.2 Fixes 12 Security Bugs, Including Video Crashing, Lockscreen Access & Passcode Issues

Dec 12, 2016

We have seen a number of security problems with iOS lately. From videos crashing iPhones to people managing to access photos and contacts from the lockscreen, a plethora of security loopholes have been publicly shared by different sources in the last month.

Apple today released iOS 10.2, bringing quite a few new features and updates. However, what’s even more important than new features is a strong security system. The company has fixed at least 12 security vulnerabilities with the release of iOS 10.2, including two flaws that could lead to arbitrary code execution. Here’s the complete iOS 10.2 security bulletin and the popular bugs that it has fixed.

iOS 10.2 security – what’s fixed

With today’s release, Apple has fixed a number of well-publicized security issues. The company fixed a security vulnerability that allowed anyone with access to an iPhone or iPad to access contacts and photos on the device from the lockscreen. “This issue was addressed by restricting options offered on a locked device,” the bulletin reads. A second lockscreen problem also let a user view photos and contacts: a “validation issue existed in the handling of media selection,” which was addressed through improved validation.

A serious security vulnerability shared earlier meant that a person with physical access to an iOS device may be able to unlock the device, bypassing the handling of passcode attempts when resetting the passcode. The bug is fixed now.

Probably one of the most popular iOS security flaws reported this past month was a video crashing issue. “Watching a maliciously crafted video may lead to a denial of service,” the bulletin says of a problem that existed in the handling of video. The problem was addressed through improved input validation.

You can get the latest iOS 10.2 security measures right away. Head over to Settings > General > Software Update and install iOS 10.2 to fix these critical security vulnerabilities.

Complete iOS 10.2 security bulletin:

Impact: A nearby user may be able to overhear spoken passwords

Description: A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords.

CVE-2016-7634

Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen

Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.

CVE-2016-7664

Impact: An issue existed which did not reset the authorization settings on app uninstall

Description: This issue was addressed through improved sanitization.

CVE-2016-7651

Impact: An attacker with an unlocked device may be able to disable Find My iPhone

Description: A state management issue existed in the handling of authentication information. This issue was addressed through improved storage of account information.

CVE-2016-7638

Impact: Watching a maliciously crafted video may lead to a denial of service

Description: A denial of service issue existed in the handling of video. This issue was addressed through improved input validation.

CVE-2016-7665

Impact: A malicious HID device may be able to cause arbitrary code execution

Description: A validation issue existed in the handling of USB image devices. This issue was addressed through improved input validation.

CVE-2016-4690

Impact: The device may not lock the screen after the idle timeout

Description: A logic issue existed in the handling of the idle timer when the Touch ID prompt is shown. This issue was addressed through improved handling of the idle timer.

CVE-2016-7601

Impact: An email signed with a revoked certificate may appear valid

Description: S/MIME policy failed to check if a certificate was valid. This issue was addressed by notifying a user if an email was signed with a revoked certificate.

CVE-2016-4689

Impact: A user may be able to view photos and contacts from the lockscreen

Description: A validation issue existed in the handling of media selection. This issue was addressed through improved validation.

CVE-2016-7653

Impact: Opening a maliciously crafted certificate may lead to arbitrary code execution

Description: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation.

CVE-2016-7626

Impact: A person with physical access to an iOS device may be able to unlock the device

Description: In some cases, a counter issue existed in the handling of passcode attempts when resetting the passcode. This was addressed through improved state management.

CVE-2016-4781

Impact: A person with physical access to an iOS device may be able to keep the device unlocked

Description: A cleanup issue existed in the handling of Handoff with Siri. This was addressed through improved state management.

CVE-2016-7597

Thank you for the tip, Jesse.
