The last update to iOS 10 came with the 10.2.1 update in January 2017; preceded by 10.2 in December 2016 and 10.1 in October 2016. Prominent parts of the operating system have been modified in the 10.3 release, such as your Apple ID Profile settings which now have a more detailed listing for iCloud storage. The new version will also inform users about outdated apps that are no longer compatible with the OS. Smart homes also get some love with the ability to program light switches. Plus, there are additions to Sirikit such as bill payment, status, and scheduling future rides.
Should You Upgrade Your iPad or iPhone to iOS 10.3?
Now, for the part you have all been waiting for: Should you upgrade? Yes, it’s a maintenance update and we all know how important these are, especially for security. But…. iOS users need to approach this one with a little bit of caution due to core changes such as the file system update. To switch your device over to APFS, your iOS device is going to have to essentially wipe itself clean and reformat itself. This will all happen behind the scenes, but the risk of losing your data is higher with this update. The iOS 10.3 update is quite hefty, weighing in at around 611 MBs. Users can download the latest iOS update by launching Settings > General > Software Update. It took me 15 minutes to download and install iOS 10.3 on an iPhone 6s. Although this is a recommended update, make sure you perform a backup just in case. As always, it doesn’t hurt to wait a bit to see how well the large Apple ecosystem handles the latest release. Apple’s internal development processes are aligned across product groups these days. Apple also released updates for the company’s other platforms such as macOS, watchOS, tvOS, and CarPlay. So, make sure you grab those too for the optimum experience if you are heavily invested in the Apple ecosystem. In the meantime, here is the usual laundry list of bug fixes and security updates included: The list of security patches and fixes is longer and less interesting. Here they are: Find My iPhone View the current or last known location of your AirPods Play a sound on one or both AirPods to help you find them Siri Support for paying and checking status of bills with payment apps Support for scheduling with ride booking apps Support for checking car fuel level, lock status, turning on lights and activating horn with automaker apps Cricket sports scores and statistics for Indian Premier League and International Cricket Council CarPlay Shortcuts in the status bar for easy access to last used apps Apple Music Now Playing screen gives access to Up Next and the currently playing song’s album Daily curated playlists and new music categories in Apple Music Other improvements and fixes Rent once and watch your iTunes movies across your devices New Settings unified view for your Apple ID account information, settings and devices Hourly weather in Maps using 3D Touch on the displayed current temperature Support for searching “parked car” in Maps Calendar adds the ability to delete an unwanted invite and report it as junk Home app support to trigger scenes using accessories with switches and buttons Home app support for accessory battery level status Podcasts support for 3D Touch and Today widget to access recently updated shows Podcast shows or episodes are shareable to Messages with full playback support Fixes an issue that could prevent Maps from displaying your current location after resetting Location & Privacy VoiceOver stability improvements for Phone, Safari and Mail
Conclusion
With this final, major update, Apple is likely to set its focus on the next major release, iOS 11; notwithstanding any possible unforeseen issues with the APFS update. We are likely to see our first preview of iOS 11 at the company’s annual developer conference WWDC. Like I said before, I personally have been pleased with iOS since I made the switch to an iPhone. The platform “just works” as intended and stability has kept up with each revision of the OS. I am sure that will change as my iPhone ages and newer, fancier features start showing up in future revisions. For now, it’s all good. Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A user may be able to view an Apple ID from the lock screen Description: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen. CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher Audio Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2430: an anonymous researcher working with Trend Micro’s Zero Day Initiative CVE-2017-2462: an anonymous researcher working with Trend Micro’s Zero Day Initiative Carbon Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2017-2379: John Villamil, Doyensec, riusksk (泉哥) of Tencent Security Platform Department CoreGraphics Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: An infinite recursion was addressed through improved state management. CVE-2017-2417: riusksk (泉哥) of Tencent Security Platform Department CoreGraphics Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2444: Mei Wang of 360 GearTeam CoreText Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2435: John Villamil, Doyensec CoreText Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2450: John Villamil, Doyensec CoreText Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher DataAccess Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server Description: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation. CVE-2017-2414: Ilya Nesterov and Maxim Goncharov FontParser Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2487: riusksk (泉哥) of Tencent Security Platform Department CVE-2017-2406: riusksk (泉哥) of Tencent Security Platform Department FontParser Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2407: riusksk (泉哥) of Tencent Security Platform Department FontParser Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2439: John Villamil, Doyensec HomeKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Home Control may unexpectedly appear on Control Center Description: A state issue existed in the handling of Home Control. This issue was addressed through improved validation. CVE-2017-2434: Suyash Narain of India HTTPProtocol Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious HTTP/2 server may be able to cause undefined behavior Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. CVE-2017-2428 ImageIO Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2416: Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent ImageIO Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2432: an anonymous researcher working with Trend Micro’s Zero Day Initiative ImageIO Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2467 ImageIO Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7. CVE-2016-3619 iTunes Store Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS. CVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak) Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2017-2440: an anonymous researcher Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2456: lokihardt of Google Project Zero Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2472: Ian Beer of Google Project Zero Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2473: Ian Beer of Google Project Zero Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An off-by-one issue was addressed through improved bounds checking. CVE-2017-2474: Ian Beer of Google Project Zero Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2478: Ian Beer of Google Project Zero Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2482: Ian Beer of Google Project Zero CVE-2017-2483: Ian Beer of Google Project Zero Keyboards Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2458: Shashank (@cyberboyIndia) libarchive Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A local attacker may be able to change file system permissions on arbitrary directories Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2017-2390: Omer Medan of enSilo Ltd libc++abi Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Demangling a malicious C++ application may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2441 Pasteboard Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A person with physical access to an iOS device may read the pasteboard Description: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user’s passcode. CVE-2017-2399 Phone Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A third party app can initiate a phone call without user interaction Description: An issue existed in iOS allowing for calls without prompting. This issue was addressed by prompting a user to confirm call initiation. CVE-2017-2484 Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm Description: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated. CVE-2017-2380: an anonymous researcher Quick Look Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Tapping a tel link in a PDF document could trigger a call without prompting the user Description: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt. CVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring Safari Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue was addressed by disabling text input until the destination page loads. CVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com) Safari Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A local user may be able to discover websites a user has visited in Private Browsing Description: An issue existed in SQLite deletion. This issue was addressed through improved SQLite cleanup. CVE-2017-2384 Safari Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites Description: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal. CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC Safari Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation. CVE-2017-2453: xisigr of Tencent’s Xuanwu Lab (tencent.com) Safari Reader Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: Multiple validation issues were addressed through improved input sanitization. CVE-2017-2393: Erling Ellingsen SafariViewController Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache Description: An issue existed in clearing Safari cache information from SafariViewController. This issue was addressed by improving cache state handling. CVE-2017-2400: Abhinav Bansal of Zscaler, Inc. Security Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed Description: An validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation. CVE-2017-2423: an anonymous researcher Security Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Under certain circumstances, Secure Transport failed to validate the authenticity of OTR packets. This issue was addressed by restoring missing validation steps. CVE-2017-2448: Alex Radocea of Longterm Security, Inc. Security Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with root privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2451: Alex Radocea of Longterm Security, Inc. Security Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. CVE-2017-2485: Aleksandar Nikolic of Cisco Talos Siri Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Siri might reveal text message contents while the device is locked Description: An insufficient locking issue was addressed with improved state management. CVE-2017-2452: Hunter Byrnes WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution Description: A validation issue existed in bookmark creation. This issue was addressed through improved input validation. CVE-2017-2378: xisigr of Tencent’s Xuanwu Lab (tencent.com) WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed through improved state management. CVE-2017-2486: redrain of light4freedom WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A prototype access issue was addressed through improved exception handling. CVE-2017-2386: André Bargull WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2394: Apple CVE-2017-2396: Apple CVE-2016-9642: Gustavo Grieco WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2395: Apple CVE-2017-2454: Ivan Fratric of Google Project Zero CVE-2017-2455: Ivan Fratric of Google Project Zero CVE-2017-2457: lokihardt of Google Project Zero CVE-2017-2459: Ivan Fratric of Google Project Zero CVE-2017-2460: Ivan Fratric of Google Project Zero CVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab CVE-2017-2466: Ivan Fratric of Google Project Zero CVE-2017-2468: lokihardt of Google Project Zero CVE-2017-2469: lokihardt of Google Project Zero CVE-2017-2470: lokihardt of Google Project Zero CVE-2017-2476: Ivan Fratric of Google Project Zero CVE-2017-2481: 0011 working with Trend Micro’s Zero Day Initiative WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-2017-2415: Kai Kang of Tencent’s Xuanwu Lab (tentcent.com) WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions. CVE-2017-2419: Nicolai Grødum of Cisco Systems WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing. CVE-2016-9643: Gustavo Grieco WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management. CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2433: Apple WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2364: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious website may exfiltrate data cross-origin Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2367: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management. CVE-2017-2445: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management. CVE-2017-2446: Natalie Silvanovich of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Visiting a maliciously crafted website may compromise user information Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2447: Natalie Silvanovich of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2471: Ivan Fratric of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame handling. This issue was addressed through improved state management. CVE-2017-2475: lokihardt of Google Project Zero WebKit JavaScript Bindings Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2442: lokihardt of Google Project Zero WebKit Web Inspector Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Closing a window while paused in the debugger may lead to unexpected application termination Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2377: Vicki Pfau WebKit Web Inspector Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2405: Apple Your experience might be the opposite, so let us know what you think of the new update. Any hidden gems, issues, or performance improvements? I hope this fixes things! I swipe down from the home menu and boom – search no workie… Is this what you’re talking about? Hopefully this update will fix things. Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.
