iOS version 11.2 was released on Dec 2, 2017, but the details of the 11.2 iOS security update only became available on Dec 7, 2017. Many speculate that Apple rushed the release due to its restart bug affecting new iPhones. In total, the following 11 vulnerabilities are fixed in this security update:
- 5 Kernel vulnerabilities – The kernel is the underlying foundation of iOS. Kernel vulnerabilities may lead to memory issues and arbitrary code execution with kernel privileges.
- 3 IO vulnerabilities – IO vulnerabilities are related to low-level drivers and image frame buffers. The vulnerabilities exist in IOKit, IOMobileFrameBuffer and IOSurface.
- 2 Mail vulnerabilities – Encryption vulnerabilities allow an attacker to intercept emails and email drafts from iOS devices. This may result in leakage of user emails.
- 1 WiFi vulnerability – This WiFi vulnerability allows an attacker to decrypt and intercept network information from iOS devices.
Enhance Your Security by Keeping Up with OS Updates
While some news articles do not recommend updating iOS 11.2 due to its battery issues, it is NOT the best security practice to keep the old OS version.
Enterprise users should note that, although Apple has fixed a range of vulnerabilities with the 11.2 update, the security benefits are not reflected on devices unless users update the OS to this latest version. Thus, before attackers exploit these vulnerabilities, enterprise users should go to “Settings > General > Software Update” and update their iOS devices to the latest version.
OS updates are among the easiest and most cost-effective ways to prevent attacks from exploiting holes in older operating systems and we certainly recommend updating to this latest OS release given the numerous security updates it provides.