Top Nav

Apple iOS 10.2.1 – Should You Upgrade and What’s Included?

Today, Apple released the latest point update to its mobile operating system, iOS 10.2.1. The minor update is available for some Apple devices such as the iPhone and iPad. As usual, the new update is a mixed bag of improved functionality and bug fixes. The update follows the iOS 10.1, which was released in October 2016 and iOS 10.2, which was released in December 2016. A majority of bug fixes in this release primarily affects Webkit; the web browser engine used by the Safari web browser. Other components such as Auto Unlock, Contacts, Kernel, libarchive and Wi-Fi also received updates.

Should You Upgrade Your iPad or iPhone to iOS 10.2.1?

The 10.2.1 update is relatively small, coming in at 72 Mbs. Users can download the latest iOS update by launching Settings > General > Software Update. This took about 15 minutes to download and install on an iPhone 6s. Although this is a recommended update, make sure you perform a backup just in case. I personally like waiting a bit just to see if early adopters come across any show stoppers. Apple’s mobile OS has become just as complex and targetted as its desktop sibling, and the company throws a lot of human resources into maintaining it. That said, there is always a chance of something going wrong.

Here is a detailed list of what’s new and fixed in in iOS 10.2.1.

 Editor’s note: iOS 10.2.1 appears to fix the rainbow flag emoji crash that you may have heard about. If you haven’t heard about it, we won’t enable anyone by telling you about it here!

Auto Unlock

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Auto Unlock may unlock when Apple Watch is off the user’s wrist

Description: A logic issue was addressed through improved state management.

CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

Contacts

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted contact card may lead to unexpected application termination

Description: An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.

CVE-2017-2368: Vincent Desmurs (vincedes3)

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2370: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2360: Ian Beer of Google Project Zero

libarchive

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2016-8687: Agostino Sarubbo of Gentoo

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A prototype access issue was addressed through improved exception handling.

CVE-2017-2350: Gareth Heyes of Portswigger Web Security

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2354: Neymar of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative

CVE-2017-2362: Ivan Fratric of Google Project Zero

CVE-2017-2373: Ivan Fratric of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory initialization issue was addressed through improved memory handling.

CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016

CVE-2017-2369: Ivan Fratric of Google Project Zero

CVE-2017-2366: Kai Kang of Tencent’s Xuanwu Lab (tencent.com)

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.

CVE-2017-2363: lokihardt of Google Project Zero

CVE-2017-2364: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious website can open popups

Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation.

CVE-2017-2371: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of variable handling. This issue was addressed through improved validation.

CVE-2017-2365: lokihardt of Google Project Zero

WiFi

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An activation-locked device can be manipulated to briefly present the home screen

Description: An issue existed with handling user input that caused a device to present the home screen even when activation locked. This was addressed through improved input validation.

CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth Joseph

Conclusion

There is nothing particularly dramatic or must have in a minor point update such as iOS 10.2.1, but I think that’s a good thing. Since becoming an iPhone user, I have appreciated the stability of the platform, especially the consistency in regards to performance with each update. That said, you won’t regret waiting it out a bit, and see how fellow users handle the update before taking the plunge yourself.

Editor’s noteIt’s worth noting that some of these security fixes also apply to Apple Watch, macOS, and tvOS. So, if you want to cover all your bases, update those devices, too.

If you do jump on the update, let us know what you think of it in the comments. Any hidden gems, issues, performance improvements? We would love to know.

More Reading:

, ,

No comments yet.

Leave a Reply