Apple also fixed security vulnerabilities in iOS 10.2, which span accessibility, accounts, Find my iPhone, graphics drivers, image capture, local authentication, mail, media player, profiles, and springboard. Of note are some nasty sounding exploits that could potentially cause a denial of service from a maliciously crafted video, arbitrary code being executed from a malicious certificate, and a few holes that let people with physical access to your phone access some content without unlocking the screen. In the accessibility area, the ability to speak your password has been removed, since someone could overhear it. I suppose this means that visually impaired users will have to use Touch ID (indeed, iOS 10.2 immediately prompts you to set up Touch ID if you haven’t already).
Should You Upgrade Your iPad or iPhone 10.2?
iOS 10 was released in September followed by its first point update in late October. The new version has experienced fast adoption with more than 60% of Apple devices already running the operating system which tells me Apple is getting plenty of testing done by its user base on this new OS. However, there is no need to rush out and upgrade yet if you like to wait a few weeks to let 10.2 bake in the wild. The Apple ecosystem has millions of guinea pigs to find any potential bugs in a major update such as 10.2. So, wait it out a bit to see how users respond before jumping on it. That said, there are some vulnerabilities fixed by 10.2 which we’ve listed below; I encourage you to read through the vulnerabilities fixed and determine if any are worrisome enough for you to update immediately. If having the latest security fixes is critical to your peace of mind, I would go and grab it now (that’s usually the driver that pushes me to update…) If you use your iPhone and iPad with devices like an Apple TV, there are obvious benefits to getting it right now such as the new TV app with Up Next, Recommendations, and Discovery. Mail also received some love this time around with several bugs getting fixed. For me personally, I’m looking forward to the Bluetooth improvements as I have a headset that loves to randomly disconnect during phone conversations… Hopefully, the fix mentioned (see below) resolves that issue for me.
How to Install iOS 10.2 on Your iPhone or iPad
Users can download the latest iOS update by launching Settings > General > Software Update. Although this is a recommended update, make sure you perform a backup just in case. The update is quite large in comparison to previous releases, weighing around 359 MBs. [Editors note: From download to installation, this took me about 15 minutes.] Some users including myself have experienced issues with battery life under iOS 10.1.1; hopefully, this update will fix it. Here is a detailed list of what’s new and fixed in in iOS 10.2.
Security Fixes in iOS 10.2
Conclusion
iOS 10.2 includes some major updates for the iOS, but it may not be immediately compelling for all users. Personally, I recommend novice users wait a week to see if the community finds any nasty bugs with 10.2. If things are quiet, take the upgrade next week in order to get the latest security fixes.
Use Up Next to see the movies and shows you’re currently watching and pick up where you left offGet recommendations for new movies and TV shows in Watch Now Discover new apps and the latest iTunes releases in the Store Access the Library for your iTunes purchases and rentals
Emoji
Beautifully redesigned emoji that reveal even more detailOver 100 new emoji including new faces, food, animals, sports, and professions
Photos
Improves stabilization and delivers faster frame rate for Live PhotosImproves accuracy of groupings of similar photos of the same person in the People albumFixes an issue where Memories might generate a memory from photos of screenshots, whiteboards or receiptsFixes an issue where the camera would stay zoomed in after switching back from the Camera Roll on iPhone 7 PlusAdditional support for RAW digital cameras
Messages
Adds new love and celebration full screen effects in MessagesFixes an issue that sometimes prevented the keyboard from displaying in Messages
Music
Swipe up the Now Playing screen to more easily access Shuffle, Repeat and Up NextChoose how to sort Playlists, Albums, and Songs in Library
News
Stories you’ve saved for later now appear the new Saved sectionThe best paid stories from channels you subscribe to will now appear in a dedicated section in For YouIt’s now easier than ever to get to the next story, just swipe left or tap Next Story while reading
Fixes an issue that caused the Move sheet to persist after filing a Mail messageAddresses an issue with long press activating copy and paste in MailFixes an issue in which the wrong message would be selected after deleting a Mail conversation
Accessibility
Adds BraillePen14 support to VoiceOverFixes an issue where the braille table could switch unexpectedly with VoiceOverFixes an issue where sometimes Siri enhanced voices were unavailable to VoiceOverFixes an issue where VoiceOver users could not re-order items in listsFixes an issue where Switch Control was sometimes unable to delete Voicemails
Other improvements and fixes
Adds notification support for HomeKit accessories including window coverings, occupancy, motion, door/window, smoke, carbon monoxide, and water leak sensorsAdds notification support for HomeKit accessories when software updates are available to HomeKit accessories Improves Bluetooth performance and connectivity with 3rd party accessoriesFixes an issue that could cause FaceTime participants to appear out of focusFixes an issue that could cause FaceTime calls to appear with incorrect aspect ratio and orientationFixes an issue that prevented some Visual Voicemail from completing playbackFixes a Safari Reader issue that could cause articles to open as empty pagesFixes an issue that could cause Safari to quit unexpectedly after marking an item as read in Reading List
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A nearby user may be able to overhear spoken passwords Description: A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords. CVE-2016-7634: Davut Hari Accessibility Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-2016-7664: Miguel Alvarado of iDeviceHelp Accounts Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An issue existed which did not reset the authorization settings on app uninstall Description: This issue was addressed through improved sanitization. CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro Find My iPhone Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker with an unlocked device may be able to disable Find My iPhone Description: A state management issue existed in the handling of authentication information. This issue was addressed through improved storage of account information. CVE-2016-7638: Sezer Sakiner, an anonymous researcher Graphics Driver Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Watching a maliciously crafted video may lead to a denial of service Description: A denial of service issue existed in the handling of video. This issue was addressed through improved input validation. CVE-2016-7665: Moataz El Gaml of Schlumberger, an anonymous researcher Image Capture Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious HID device may be able to cause arbitrary code execution Description: A validation issue existed in the handling of USB image devices. This issue was addressed through improved input validation. CVE-2016-4690: Andy Davis of NCC Group Local Authentication Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: The device may not lock the screen after the idle timeout Description: A logic issue existed in the handling of the idle timer when the Touch ID prompt is shown. This issue was addressed through improved handling of the idle timer. CVE-2016-7601: an anonymous researcher Mail Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An email signed with a revoked certificate may appear valid Description: S/MIME policy failed to check if a certificate was valid. This issue was addressed by notifying a user if an email was signed with a revoked certificate. CVE-2016-4689: an anonymous researcher Media Player Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A user may be able to view photos and contacts from the lockscreen Description: A validation issue existed in the handling of media selection. This issue was addressed through improved validation. CVE-2016-7653 Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Opening a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation. CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com) SpringBoard Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A person with physical access to an iOS device may be able to unlock the device Description: In some cases, a counter issue existed in the handling of passcode attempts when resetting the passcode. This was addressed through improved state management. CVE-2016-4781: an anonymous researcher SpringBoard Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A person with physical access to an iOS device may be able to keep the device unlocked Description: A cleanup issue existed in the handling of Handoff with Siri. This was addressed through improved state management. CVE-2016-7597: an anonymous researcher Did you update to iOS 10.2 right away? Any issues? Would love to hear from our readers on everything from playing with the new features to upgrade experience! Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.
