Apple had a pretty busy day yesterday as it released the latest iOS 10.3 update for iPhone and iPad devices. The update came with some pretty neat features, like the new “Find My AirPods” feature that promised to help its users locate their AirPods. The latest OS version also came with updates to improve user’s macOS and iOS experience.
But despite these new features, Apple equipped iOS 10.3 with a lot of security fixes. As explained, Apple has equipped the update with security fixes that aims to reach up to 350 known vulnerabilities. As a result, Apple’s software can be more secure.
One of the things Apple included in iOS 10.3 is a security fix for a Safari security vulnerability. According to reports, this fix would address an issue that enabled attackers to spam Safari users with a dialog that read “Cannot Open Page.” This issue was discovered a few weeks ago by Lookout, a cybersecurity firm, when someone complained about losing control while he browsed the internet through Safari. As they prodded further, the company discovered that the dialog was intended to fool innocent users into paying money so they could “unlock” their browser. The payment was to be made through an iTunes gift card code.
The iOS 10.3 update also comes with a fix to a vulnerability wherein a connection through a “secure server” actually opened the door for remote code execution. This vulnerability was discovered by a threat intelligence organization called Talos, who disclosed details on their CVE-2017-2485. According to their report, when an HTTPS site was used on Safari browser, both macOS and iOS would validate the malicious and invalid certificate. This posed a threat to the user as it left the user open to a potential attack. The company discovered this vulnerability within Chrome too.
Considering the fact that Apple released a number of fixes this week, it cannot be ruled out that vulnerabilities no longer exist. And as we move to a more cyber-connected world, it’s always important to back up and secure your device. You can take a look at the full list of fixed CVEs Apple released with yesterday’s update on their security updates page.