
Apple Releases iOS 10.3.3 – What’s Included and Should You Upgrade?

iOS 10.3.3 is probably the last iOS update before iOS 11 gets released. Not too exciting, but definitely worth the download.

Apple is currently putting all its development efforts behind its next release of its iPad and iPhone mobile operating system, iOS 11. That said, the company hasn’t given up on maintaining the current version, iOS 10. While it’s approaching its sunset this fall, Apple continues to release important updates for it, the latest being iOS version 10.3.3.

The update follows version 10.3.2, released a couple months ago. Judging by the contents page for iOS 10.3.3, this is a bug-fix and security-focused release, and one you will want to grab immediately. Numerous vulnerabilities have been closed, including arbitrary code execution, buffer overflows, issues open to remote attack and several other low-level flaws.

Editor’s note: It took me about 20 minutes to download and install iOS 10.3.3. Not only that, I seemed to have gained back about half a gigabyte of storage space afterward.

What’s Included in iOS 10.3.3?

Just like the May release of iOS 10.3.2, you won’t find any user-facing features; this is really about what’s under the hood. At 84 MB, it’s a relatively small update, which shouldn’t be much of a hassle for Wi-Fi networks. But as with each of these updates, perform a quick backup just in case something unexpected happens. Some of the areas modified by the update include: Contacts, CoreAudio, EventKitUI, Kernel, IOUSBFamily, Messages, Notifications, Safari, Telephony, and WebKit. WebKit, in particular, receives quite a number of fixes in iOS 10.3.3.

The iOS 10.3.3 update supports Apple devices such as the iPhone 5 and later, iPad 4th generation and later, and iPod Touch 6th generation. You can download the update by launching Settings > General > Software Update > Download and Install.

For more details, here is a sample of what’s fixed and plugged in the 10.3.3 update.

Contacts

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved bounds checking.

CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team

EventKitUI

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: A remote attacker may cause an unexpected application termination

Description: A resource exhaustion issue was addressed through improved input validation.

CVE-2017-7007: José Antonio Esteban (@Erratum_) of Sapsi Consultores

IOUSBFamily

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7022: an anonymous researcher

CVE-2017-7024: an anonymous researcher

CVE-2017-7026: an anonymous researcher

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7023: an anonymous researcher

CVE-2017-7025: an anonymous researcher

CVE-2017-7027: an anonymous researcher

CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-7028: an anonymous researcher

CVE-2017-7029: an anonymous researcher

libarchive

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow was addressed through improved bounds checking.

CVE-2017-7068: found by OSS-Fuzz

libxml2

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2017-7010: Apple

CVE-2017-7013: found by OSS-Fuzz

libxpc

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7047: Ian Beer of Google Project Zero

Messages

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: A remote attacker may cause an unexpected application termination

Description: A memory consumption issue was addressed through improved memory handling.

CVE-2017-7063: Shashank (@cyberboyIndia)

Notifications

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Notifications may appear on the lock screen when disabled

Description: A lock screen issue was addressed with improved state management.

CVE-2017-7058: an anonymous researcher

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-2517: xisigr of Tencent’s Xuanwu Lab (tencent.com)

Safari Printing

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs

Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs.

CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana

Telephony

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-8248

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A malicious website may exfiltrate data cross-origin

Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.

CVE-2017-7006: an anonymous researcher, David Kohlbrenner of UC San Diego

Source

Should you Upgrade to 10.3.3?

Yup! Come on, look at that list: save for about 20 minutes of downtime, there’s no benefit to skipping all those security fixes. With the smartphone becoming our most prized possession, due to the amount of sensitive information we store on it, keeping it updated is our best defense. There really is nothing to lose by updating. Sure, you might want to wait a day or two just to see if any reports surface regarding issues with the update. For me, these point updates for iOS 10 have been quite trouble-free.

As always, let us know in the comments your experience with the new update: was it slow, fast, did something bad happen, or was it just uneventful?

1 Comment

  1. Marsha

    July 20, 2017 at 7:09 am

    I have a 2016 Ford Explorer and am experiencing sync problems. My iPhone 7 will connect and play music without a glitch, but I can hold a phone call. It connects every time, but will lose the connection and sometimes reconnect on its own.
    Ford tells me it’s an Apple problem and AT&T problem, but I can’t get any resolution. I keep thinking one of these updates will fix the problem, but they haven’t yet.
    Can you help somehow?
