The update follows version 10.3.2, released a couple months ago. Looking through the contents page for iOS 10.3.3, this is definitely a bug fix and security focused release; one you will definitely want to grab immediately. Numerous exploits have been closed, which include: arbitrary code execution, buffer overflows, remote attacks and several other low-level issues. Editor’s note: It took me about 20 minutes to download and install iOS 10.3.3. Not only that, I seemed to have gained back about half a gigabyte of storage space afterward.
What’s Included in iOS 10.3.3?
Just like the May release of iOS 10.3.2, you won’t find any user-facing features—this is really about what’s under the hood. At 84 MBs, it’s a relatively small update, which shouldn’t be much of a hassle for Wi-Fi networks. But as with each of these updates, perform a quick backup just in case something unexpected happens. Some of the areas modified by the update include: Contacts, CoreAudio, EventkitUI, Kernel, IOUSBFamily, Messages, Notifications, Safari, Telephony, and Webkit. Webkit, in particular, receives quite a number of fixes in iOS 10.3.3. The iOS 10.3.3 update supports Apple devices such as the iPhone 5 and later, iPad 4th generation and later, and iPod Touch 6th generation. You can download the update by launching Settings > General > Software Update > Download and Install. For more details, here is a sample of what’s fixed and plugged in the 10.3.3 update. Source Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia) CoreAudio Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved bounds checking. CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team EventKitUI Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A remote attacker may cause an unexpected application termination Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-7007: José Antonio Esteban (@Erratum_) of Sapsi Consultores IOUSBFamily Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team Kernel Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7022: an anonymous researcher CVE-2017-7024: an anonymous researcher CVE-2017-7026: an anonymous researcher Kernel Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7023: an anonymous researcher CVE-2017-7025: an anonymous researcher CVE-2017-7027: an anonymous researcher CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team Kernel Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7028: an anonymous researcher CVE-2017-7029: an anonymous researcher libarchive Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-7068: found by OSS-Fuzz libxml2 Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7010: Apple CVE-2017-7013: found by OSS-Fuzz libxpc Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7047: Ian Beer of Google Project Zero Messages Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A remote attacker may cause an unexpected application termination Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-7063: Shashank (@cyberboyIndia) Notifications Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Notifications may appear on the lock screen when disabled Description: A lock screen issue was addressed with improved state management. CVE-2017-7058: an anonymous researcher Safari Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-2517: xisigr of Tencent’s Xuanwu Lab (tencent.com) Safari Printing Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs. CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana Telephony Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-8248 WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate data cross-origin Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered. CVE-2017-7006: an anonymous researcher, David Kohlbrenner of UC San Diego
Should you Upgrade to 10.3.3?
Yup! Come on, look at that list— save for about 20 minutes of downtime, there’s no benefit to skipping all those security fixes. With the smartphone becoming our most prized possession, due to the amount of sensitive information we store on it, keeping it updated is our best defense. There really is nothing to lose updating. Sure, you might want to wait a day or two just to see if any reports surface regarding issues with the update. For me, these point updates for iOS 10 have been quite trouble-free. As always, let us know in the comments your experience with the new update: was it slow, fast, did something bad happen, or was it just uneventful? Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.
