iOS version 11.2.5 was released on Jan 23, 2017. In total, the following 10 vulnerabilities are fixed in this security update:
- 4 Kernel vulnerabilities – The kernel is the underlying foundation of iOS. Kernel vulnerabilities may lead to memory issues and arbitrary code execution with kernel privileges. These vulnerabilities are fixed through improved input validation, locking (race condition) and memory handling.
- 1 Audio vulnerability – This vulnerability allows maliciously crafted audio files to execute arbitrary code on iOS devices. The vulnerability is eliminated with improved input validation.
- 1 Bluetooth vulnerability – This vulnerability in iOS Bluetooth Core enables third-party applications to execute codes with system-level privileges. This is remediated with improved memory handing.
- 1 LinkPresentation vulnerability – Attackers may use maliciously crafted text messages to launch denial-of-service attack on applications. This vulnerability is addressed with improved input validation.
- 1 QuartzCore vulnerability – This vulnerability allows maliciously crafted web content to execute arbitrary code. This issue is addressed with better input validation.
- 1 Security vulnerability – This vulnerability compromises the evaluation of certificates by allowing the constraints to be named incorrectly. This is improved by modifying trust evaluation of certificates.
- 1 WebKit vulnerability – This vulnerability allows maliciously crafted web content to execute arbitrary code. This issue is fixed with better memory handling.
Enhance Your Security by Keeping Up with OS Updates
Enterprise users should note that, although Apple has fixed a range of vulnerabilities with the 11.2.5 update, the security benefits are not reflected on their devices unless users update the OS to this latest version. Thus, before attackers exploit these vulnerabilities, enterprise users should go to “Settings > General > Software Update” and update their iOS devices to the latest version.
OS updates are among the easiest and most cost-effective ways to prevent attacks from exploiting holes in older operating systems and we certainly recommend updating to this latest OS release given the numerous security updates it provides.