Apple iOS 9.3.2 was released this week and after going over the release notes, it appears to be a relatively straight-forward update mostly filled with bug fixes and security updates.
What’s inside iOS 9.3.2?
The update clocks in at under 100 MB on both the iPad and iPhone so, should you decide to take the patch, the update is performed relatively quickly vs. previous updates. That being said, if you’re tight on space, head over to Settings > General > Storage & iCloud Usage > Manage Storage to get an excellent report about what’s consuming all your space.
What’s all included in the update/patch?
As I mentioned, Apple didn’t throw much into the upgrade. Think of it as a maintenance release.
Fixes included in the 9.3.2 update:
- Fixes an issue where some Bluetooth accessories could experience audio quality issues when paired to the iPhone SE
- Fixes an issue where looking up dictionary definitions could fail
- Addresses an issue that prevented typing email addresses when using the Japanese Kana keyboard in Mail and Messages
- Fixes an issue for VoiceOver users using the Alex voice, where the device switches to a different voice to announce punctuation or spaces
- Fixes an issue that prevented MDM servers from installing Custom B2B apps
As with most iOS updates from Apple, iOS 9.3.2 resolves several dozen security exploits, many of which are very nasty.
Security exploits fixed with the 9.3.2 update:
- Accessibility: An application may be able to determine kernel memory layout (CVE-2016-1790)
- CFNetwork Proxies: An attacker in a privileged network position may be able to leak sensitive user information (CVE-2016-1801)
- CommonCrypto: A malicious application may be able to leak sensitive user information (CVE-2016-1802)
- CoreCapture: An application may be able to execute arbitrary code with kernel privileges (CVE-2016-1803)
- Disk Images: A local attacker may be able to read kernel memory (CVE-2016-1807)
- Disk Images: An application may be able to execute arbitrary code with kernel privileges – Disk Images (CVE-2016-1808)
- ImageIO: Processing a maliciously crafted image may lead to a denial of service – (CVE-2016-1811)
- IOAcceleratorFamily: An application may be able to execute arbitrary code with kernel privileges (CVE-2016-1817 – CVE-2016-19)
- IOAcceleratorFamily: An application may be able to cause a denial of service (CVE-2016-1814)
- IOAcceleratorFamily: An application may be able to execute arbitrary code with kernel privileges (CVE-2016-1813)
- IOHIDFamily: An application may be able to execute arbitrary code with kernel privileges (CVE-2016-1823, CVE-2016-24)
- Kernel: An application may be able to execute arbitrary code with kernel privileges (CVE-2016-1827 – 2016-1827-31)
- Iibc: A local attacker may be able to cause unexpected application termination or arbitrary code execution (CVE-2016-1832)
- Iibxml2 : Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution (CVE-2016-1833 – CVE-2016-40)
- Iibxslt: Visiting a maliciously crafted website may lead to arbitrary code execution (CVE-2016-1841)
- MapKit : An attacker in a privileged network position may be able to leak sensitive user information (CVE-2016-1842)
- OpenGL : Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2016-1847)
- Safari : A user may be unable to fully delete browsing history (CVE-2016-1849)
- Siri : A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the lock screen (CVE-2016-1852)
- WebKit : Visiting a malicious website may disclose data from another website (CVE-2016-1858)
- WebKit : Visiting a maliciously crafted website may lead to arbitrary code execution (CVE-2016-1854 – CVE-2016-1857
- WebKit Canvas : Visiting a maliciously crafted website may lead to arbitrary code execution (CVE-2016-1859)
Looking over the list of security exploits I think I know what your thinking.
But wait, I thought Apple products are secure and I don’t need to worry about security issues, malicious code and other issues common on Microsoft software.
Oh, if only that were the real world! Unfortunately, as we are all aware, it’s impossible to write perfect code. And when you have a device as sophisticated as an iPhone or an iPad, you’re going to have many, many bugs and security vulnerabilities. Keep this in mind when thinking “Should I upgrade my iPhone or iPad to iOS 9.3.2”.
Warning to iPad Pro Owners (9.7 Inch Tablet)
Multiple news publications are reporting that Apple has confirmed compatibility issues between iOS 9.3.2 and the iPad Pro (9.7-inch version). Although I’m not able to find anything in print from Apple, Reuters posted a blip about the story on Friday 5/20.
Although iOS 9.3.2 doesn’t include any new features and the updates it fixes are somewhat edge case, due to the 20+ security patches, I highly recommend groovyPost readers install the update as quickly as possible. I just completed updating my iPad Mini and iPhone 6 without incident.