Mobile Threat Blog

  • Mobile
    Security Insights
  • Mobile
    Threat Research
  • Mobile
    Security Tips

Apple released its 10.3.2 iOS security update on May 15, 2017. In total, the following 41 vulnerabilities are fixed.

  • 23 Webkit vulnerabilities – Developers use iOS WebKit to display web pages inside their applications. Thus, WebKit vulnerabilities allow malicious websites to compromise applications using WebKit to potentially affect user devices.
  • 6 SQLite vulnerabilities – SQLite is used for storing and handling data by iOS apps. The vulnerabilities allow maliciously crafted SQL query or web content to arbitrary code execution. Input validation and improved memory management are used to fix the vulnerabilities.
  • 3 Kernel vulnerabilities – Kernel is the underlying foundation of iOS. Kernel vulnerabilities may lead to memory issues and arbitrary code execution with kernel privileges.
  • 2 iBooks vulnerabilities – iBooks is an app provided by Apple. The vulnerabilities allow a maliciously crafted book to open arbitrary websites without user permission or an application to execute arbitrary code with root privileges.
  • 7 other vulnerabilities: one each in Text Input, Security, Siri, Notifications, IOSurface, CoreAudio and AVEVideoEncoder.

Enhance Your Security by Keeping Up with OS Updates

Enterprise users should note that, although Apple has fixed a range of vulnerabilities with the 10.3.2 update, the security benefits are not reflected on devices unless users update the iOS. Thus, before attackers exploit these vulnerabilities, enterprise users should go to “Settings > General > Software Update” and update their iOS to the latest version.

OS updates are among the easiest and most cost-effective ways to prevent attacks from exploiting holes in older operating systems and we certainly recommend updating to this latest OS release given the numerous security updates it provides.