On the Apple Update Regarding the Security Content of iOS 10.1
Apple released a statement regarding the security content of iOS 10.1 on October 24 which breaks down the various security-flaw patches relating to Apple iOS 10 facets and apps the platform contains or works with. The statement centers on Apple security updates and references the iPhone, iPad, or iPod versions the patches are available for, along with descriptions, impacts, developers who ID’d and fixed the flaws, as well as CVE-ID (Common Vulnerabilities and Exposures) so users can gain more clarity on cybersecurity issues, patches, and resolutions. It also prompts Apple iOS 10 users where they can encrypt communications with Apple corporate using the Apple Product Security PGP Key.
The bulk of Apple’s October 24 statement on the iOS 10 security update contains a comprehensive breakdown on the various aspects of the operating platform that received security patches. These included apps and third-party websites it syncs with, like FaceTime and WebKit, where identified CVEs existed, and gives advisements on specific interface vulnerabilities that were patched. These apps, third-party websites, and features include:
- CFNetwork Proxies
- Contacts
- CoreGraphics
- FaceTime
- FontParser
- Kernel
- libarchive
- libxpc
- Sandbox Profiles (both for photo directories and audio recording directories)
- Security
- System boot
- WebKit
Apple’s iOS 10 security update gives specific names of those developers who identified and patched the security flaws, naming 13 different areas of iOS 10 that contained flaws and were remedied. The October 24 statement was modified, or updated, on October 26, and provides a thoroughgoing explanation of how the security errors were found, by whom, what remedy was provided, and what their potential negative impact was.
Specific Threats
Some specific threats that existed before the security holes were patched include hackers being able to infiltrate your iPhone via “maliciously crafted” JPEG photo files, Apple reportedly told CBS News. That particular flaw was found by Marco Grassi, a security researcher at Keen Lab. The security flaw’s seriousness is understood when you realize that if you were to unwittingly view a corrupted JPEG file through your iPhone, the cyberspy who crafted it would then be able to take total control of your device. Though no official reports exist that this actually occurred, the fact that it could have happened makes many, no doubt, greatly appreciative of the efforts to patch the security flaw(s) by the Apple team.
How to Update Your Apple Device to iOS 10
If you want to update your iPad, iPod or iPhone to iOS 10, go to your device’s Settings >> iCloud, and then choose Backup Now. Once your device has been backed-up, go back to Settings >> General >> Software Update, then click Download and Install, and you should be all set. Click on the previous link to learn more details.
Need More Assistance with iOS 10?
If you need further assistance or advice on the Apple iOS 10 security update, NYNJA is a proven leader in providing IT consulting and cybersecurity in New York / New Jersey. Contact one of our IT experts at NY (845) 664-4357, NJ (201) 785-7800 or send us an email at info@nynja.com today, and we can help you with all your questions or needs.