
Apple Releases Huge iOS 11.3 Update for iPhone and iPad


Apple released a major update for iPhone and iPad today. iOS 11.3 adds new features and improvements for AR and battery life and, of course, a variety of security fixes.

A couple months ago, Apple gave a sneak peek of what’s coming in this Spring’s major iOS 11.3 update. But what users weren’t expecting was the unprecedented size of the update, which we will get into in a little bit. Version 11.3 touches on a vast quantity of the mobile OS, from the clock to low-level elements such as the filesystem, kernel, iCloud, plugins, and security. This is definitely looking like an update where you might want to make a quick backup before you launch Software Update. Before you start the update chore, let’s take a quick look at what’s included.

What’s New in the iOS 11.3 Update and Should You Upgrade?

While version 11.2.6 fixed minor bugs related to crashes that could be triggered when viewing text in Indian characters, 11.3 introduces a laundry list of fixes, features, and improvements. A critical addition is a battery health feature, which lets users get a better understanding of how well their iOS device is performing.

This was partly attributed to the backlash Apple received when it was discovered the company was slowing down older devices to compensate for battery life when new versions of iOS were released. Many users didn’t take too kindly to this unknown change and took the Cupertino behemoth to task for keeping it a secret. The company is being more transparent with iOS 11.3 by adding this feature, which provides more information about maximum capacity and peak performance. Note, though, that the feature is still in beta, and it’s not yet available for iPad.

Apple is betting big on augmented reality, a new technology that immerses virtual content into the real world. iOS 11.3 introduces ARKit 1.5, which will let developers create more immersive content in their apps. The technology itself better understands environments, surfaces, and objects.

More down-to-earth features include new animoji exclusive to the iPhone X. Four new characters include a lion, brown bear, green dragon, and skull. I played with animoji a bit, and they are fun for the first couple minutes, but it’s not as much a must-have as it might seem in the ads and on social media. It’s a good implementation of AR and Apple is building on it, even if it costs $1,000 to use it.

Business Chat, a new messaging feature the company previewed but never released, is now available in 11.3. Users will be able to seek customer support from popular businesses such as Hilton, Wells Fargo, and Lowe’s. There are also further improvements to the Health app so users can easily access their health records through a supported provider. The promised iCloud Messages never made it into the final release even though it was available in the betas. It seems Apple is sticking to its internal promise to only release features when they are solid (except for the iPhone Battery Health feature…).

There are many more improvements to the system, including the App Store; users can now sort their reviews and there is better access to app details.

The iOS 11.3 update comes in at 712 MB on the iPhone (630 MB on my iPad) and is available for devices such as the iPhone 5s and later, iPad Air and later, and iPod Touch 6th generation. Users can download the update by connecting to a wireless network, launching Settings > General > Software Update, then tapping Download and Install.

Here is a list of additional bug fixes and security updates in iOS 11.3:

Clock

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes

Description: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions.

CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)

CoreFoundation

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4155: Samuel Groß (@5aelo)

CVE-2018-4158: Samuel Groß (@5aelo)

CoreText

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Processing a maliciously crafted string may lead to a denial of service

Description: A denial of service issue was addressed through improved memory handling.

CVE-2018-4142: Robin Leroy of Google Switzerland GmbH

File System Events

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4167: Samuel Groß (@5aelo)

Files Widget

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: File Widget may display contents on a locked device

Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.

CVE-2018-4168: Brandon Moore

Find My iPhone

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password

Description: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.

CVE-2018-4172: Viljami Vastamäki

iCloud Drive

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4151: Samuel Groß (@5aelo)

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4150: an anonymous researcher

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4104: The UK’s National Cyber Security Centre (NCSC)

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4143: derrek (@derrekr6)

Mail

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2018-4174: an anonymous researcher, an anonymous researcher

NSURLSession

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4166: Samuel Groß (@5aelo)

PluginKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4156: Samuel Groß (@5aelo)

Quick Look

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4157: Samuel Groß (@5aelo)

Safari

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2018-4134: xisigr of Tencent’s Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department

Safari Login AutoFill

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.

Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics.

CVE-2018-4137

SafariViewController

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Visiting a malicious website may lead to user interface spoofing

Description: A state management issue was addressed by disabling text input until the destination page loads.

CVE-2018-4149: Abhinash Jain (@abhinashjain)

Security

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious application may be able to elevate privileges

Description: A buffer overflow was addressed with improved size validation.

CVE-2018-4144: Abraham Masri (@cheesecakeufo)

Storage

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with additional validation.

CVE-2018-4154: Samuel Groß (@5aelo)

System Preferences

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A configuration profile may incorrectly remain in effect after removal

Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.

CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera

Telephony

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A remote attacker can cause a device to unexpectedly restart

Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation.

CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV

Web App

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Cookies may unexpectedly persist in web app

Description: A cookie management issue was addressed through improved state management.

CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab

CVE-2018-4114: found by OSS-Fuzz

CVE-2018-4118: Jun Kokatsu (@shhnjk)

CVE-2018-4119: an anonymous researcher working with Trend Micro’s Zero Day Initiative

CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

CVE-2018-4121: Natalie Silvanovich of Google Project Zero

CVE-2018-4122: WanderingGlitch of Trend Micro’s Zero Day Initiative

CVE-2018-4125: WanderingGlitch of Trend Micro’s Zero Day Initiative

CVE-2018-4127: an anonymous researcher working with Trend Micro’s Zero Day Initiative

CVE-2018-4128: Zach Markley

CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative

CVE-2018-4130: Omair working with Trend Micro’s Zero Day Initiative

CVE-2018-4161: WanderingGlitch of Trend Micro’s Zero Day Initiative

CVE-2018-4162: WanderingGlitch of Trend Micro’s Zero Day Initiative

CVE-2018-4163: WanderingGlitch of Trend Micro’s Zero Day Initiative

CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Unexpected interaction with indexing types causing an ASSERT failure

Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.

CVE-2018-4113: found by OSS-Fuzz

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to a denial of service

Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4146: found by OSS-Fuzz

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious website may exfiltrate data cross-origin

Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.

CVE-2018-4117: an anonymous researcher, an anonymous researcher

WindowServer

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled

Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.

CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH

Source

Should you update to the new release? I took the plunge this evening just for you and updated several devices. So far, so good. My iPad Pro breezed through it quite quickly, completing in around 10 minutes, but my iPhone 6s is beginning to show its age a bit. The 2015 iPhone took around 20 minutes to complete, and there were a couple of restarts along with some initial grogginess that subsided shortly after. That said, for such a large update, I was risking it by not backing up. I would recommend you back up before updating right away.

I am using a new iPad Pro with an A10X Fusion processor, so updates like this are nothing for it to handle. Let us know how it works out for you, especially on the older iPads and iPhones.

