Apple Issues iOS 10.1 to Patch a Critical Web Content Vulnerability
In its newest push to make its iOS products safer, Apple has released iOS update 10.1, featuring an array of twelve different patches for various parts of the system. While details on many of these patches are scant at best, we do know one of the major vulnerabilities patched in this update. Apple took extra steps to close a loophole that could allow what it terms “maliciously crafted web content” to exploit and hijack iOS devices. What exactly does that mean? Put simply; there was a risk that viewing an infected JPEG image could harm your iPhone.
How is this possible? In fact, it’s very simple to hide other types of data inside a JPEG image. In the past, people used this for fun tricks like a picture that also contained a music file. Today, however, there is always the risk that someone may be trying to hide malicious code inside innocent-looking images. On a patched system, viewing such an image likely would have no result. Before the iOS 10.1 patch, however, a user opening a malicious JPEG might have been able to open it without even knowing they were at risk.
When you view a JPEG containing malicious content on iPhone, for example, it exploits a memory error. Through this error, the code gains full access to your device and can then execute arbitrary code as it likes. In other words, it can hijack your phone! Avoiding this issue is tough because there is no way to tell if a JPEG is a potential threat immediately. All iPhone users should strongly consider applying this update as soon as possible to protect themselves. Remember to create a backup of your phone’s data before applying any patches. However, there is one caveat about this patch to note.
Unfortunately, some additional issues appeared during the rollout of iOS 10.1. A subset of users are now experiencing increased battery consumption and a consistent power drain with 10.1, perhaps as a result of some of the added security. As with previous updates, consider power cycling your device to see if this corrects the issue. We’ll continue to wait and see whether Apple releases a subsequent patch to aid in fixing the battery issue. For now, at least, you can rest easier knowing that there’s no risk of infection on your phone just from looking at online images.
