
iOS 10.3 Update Fixes Serious iPhone Issues

Apple released the iOS 10.3 update, which fixes serious vulnerabilities in iPhone devices.

iOS 10.3 Update Fixes The iPhone Song Hack

An anonymous hacker has identified a dangerous bug. The issue has been flagged as high importance because it has allowed hackers to bypass the security of the mobile operating system by using songs. The trick is to hide exploit code in MP3 and MP4 files, which are used for multimedia purposes, as the malicious users identified flaws in the way the data is validated. The issue is very reminiscent of an almost identical case that plagued Android back in 2015, during the Stagefright mass infection campaign, where a bug allowed remote code execution. In the analyzed samples the hackers used M4A audio files, which are used to distribute songs among device owners, to deliver dangerous malware. The vulnerability is tracked in two advisories:

  1. CVE-2017-2430 – An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.

  2. CVE-2017-2462 – An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.

Other Fixes Are Included In The iOS 10.3 Update As Well

The update also addresses many other vulnerabilities. Among them are the following:

  • The Accounts Issue – Owners of iPhone (models 5 and later), iPad (4th generation and later), and iPod Touch (6th generation and later) devices are impacted by a serious accounts-related problem. Malicious users who are near a device can view its owner's Apple ID from the lock screen by reading an iCloud authentication prompt. The issue is tracked in the CVE-2017-2397 advisory.

  • Various System Issues – A total of 82 vulnerabilities are fixed in the update.

  • Core Protocols Implementations – Issues that are related to protocol behavior and application interaction.

  • Kernel Updates – The Apple team has remedied several vulnerabilities that are related to arbitrary code execution with kernel or root privileges.

The total list of updated packages and iOS components includes the following:

Accounts, Audio, Carbon, CoreGraphics, CoreText, DataAccess, FontParser, HomeKit, HTTPProtocol, ImageIO, iTunes Store, Kernel, Keyboards, Keychain, libarchive, libc++abi, libxslt, Pasteboard, Phone, Profiles, Quick Look, Safari, Safari Reader, SafariViewController, Security, Siri, WebKit, WebKit JavaScript Bindings, WebKit Web Inspector.

The iOS 10.3 Update Brings The New Apple File System (APFS)

This update also brings in the new Apple filesystem. It is optimized for all devices made by the company to make them faster and more secure. APFS is optimized for Flash and SSD storage and engineered with encryption in mind. Some of its technical advantages over the older HFS+ system are detailed below:

  • Performance-Oriented – APFS uses 64-bit inodes and it may increase the read-write speed and the space used by the files. A new mechanism handles the file size calculation.

  • Clones – This is a new feature which allows the operating system to create power-efficient and quick file copies on the same volume without actually occupying additional space. If modifications are made they are saved elsewhere and the data shares the unmodified blocks. The changes are made as file differences in a manner similar to document revisions.

  • Snapshots – They make instant read-only instances of the file system that can be used as backups.

  • Encryption – APFS supports file and disk encryption. The following options are available: no encryption, single-key encryption and multi-key encryption.

  • Increased Maximum Number Of Files – Over 9 quintillion files on a single volume are supported.

  • Data Integrity – Checksums are used to ensure that the generated metadata is not corrupted.

  • Crash Protection – Various processes are optimized, which should result in fewer application crashes and other problems caused by mishandling of file operations.

We recommend that all users update to the latest version of Apple iOS as soon as it is available for download.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.