iOS 11 Includes Patches for Several Vulnerabilities
September 19, 2017, marked the arrival of iOS 11, just in time for the release of the iPhone 8 and 8 Plus. The big annual update of Apple’s mobile operating system added a few new features into the mix for users, from a brand new Control Center to a keyboard made for one-handed texting.
However, amidst the new features, it turns out that iOS 11 is also an important security update. The updated operating system includes important patches for a variety of iOS vulnerabilities. Apple also patched bugs for proprietary apps like Safari and iBooks.
The CVEs (Common Vulnerabilities and Exposures) that Apple patched with the iOS update include:
- WebKit: In iOS, many apps connect to the internet to provide their services. Thus, WebKit—an open source web browser engine—is crucial to apps such as Safari and Mail, among many others. With the iOS 11 update, Apple patched not one, but two WebKit vulnerabilities. The first, CVE-2017-7089, is a bug that leads to “universal cross site scripting.” The second, CVE-2017-7106, could allow a hacker to spoof your address bar. Apple’s patches for these vulnerabilities will allow for more secure web browsing in iOS 11. Apple also patched a Safari vulnerability that would have opened the door for address bar spoofing.
- MobileBackup: A known vulnerability in iOS MobileBackup could have led to the creation of unencrypted backups. Apple’s iOS 11 update patches this vulnerability to keep your personal data safer.
- Wi-Fi: Several of the CVEs that Apple patched with iOS 11 (seven of them, to be exact) had to do with Wi-Fi. These vulnerabilities all had to do with malicious code execution on the Wi-Fi chip.
- Exchange ActivSync: The CVE-2017-7088 vulnerability patched here would have allowed an attacker on a user’s network to attack that user’s iPhone or iPad during the Exchange account setup process. Specifically, the attacker would have been able to erase the contents of the device.
In addition to these patches, Apple also fixed various vulnerabilities in iBooks, Messages, Mail, and MessageUI that would have made devices vulnerable to denial-of-service attacks. Without the patch, hackers can use specially crafted messages, images, corrupt files, and other means to crash Apple mobile devices.
To read about the security patches of iOS 11 in detail, visit the “About the security content of iOS 11” page on Apple’s support site. To update to the new operating system, navigate to Settings>General>Software Update on your iPhone or iPad.