Top Nav

Apple Releases iOS 10.3.3 – What’s Included and Should You Upgrade?

Apple is currently putting all its development efforts behind its next release of its iPad and iPhone mobile operating system, iOS 11. That said, the company hasn’t given up on maintaining the current version, iOS 10. While it’s approaching its sunset this fall, Apple continues to release important updates for it, the latest being iOS version 10.3.3.

The update follows version 10.3.2, released a couple months ago. Looking through the contents page for iOS 10.3.3, this is definitely a bug fix and security focused release; one you will definitely want to grab immediately. Numerous exploits have been closed, which include: arbitrary code execution, buffer overflows, remote attacks and several other low-level issues.

Editor’s note: It took me about 20 minutes to download and install iOS 10.3.3.  Not only that, I seemed to have gained back about half a gigabyte of storage space afterward.

What’s Included in iOS 10.3.3?

Just like the May release of iOS 10.3.2, you won’t find any user facing features—this is really about what’s under the hood. At 84 MBs, it’s a relatively small update, which shouldn’t be much of a hassle for Wi-Fi networks. But as with each of these updates, perform a quick backup just in case something unexpected happens. Some of the areas modified by the update include: Contacts, CoreAudio, EventkitUI, Kernel, IOUSBFamily, Messages, Notifications, Safari, Telephony, and Webkit. Webkit, in particular, receives quite a number of fixes in iOS 10.3.3.

The iOS 10.3.3 update supports Apple devices such as the iPhone 5 and later, iPad 4th generation and later, and iPod Touch 6th generation. You can download the update by launching Settings > General > Software Update > Download and Install.

For more details, here is a sample of whats fixed and plugged in the 10.3.3 update.

Contacts

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved bounds checking.

CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team

EventKitUI

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: A remote attacker may cause an unexpected application termination

Description: A resource exhaustion issue was addressed through improved input validation.

CVE-2017-7007: José Antonio Esteban (@Erratum_) of Sapsi Consultores

IOUSBFamily

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7022: an anonymous researcher

CVE-2017-7024: an anonymous researcher

CVE-2017-7026: an anonymous researcher

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7023: an anonymous researcher

CVE-2017-7025: an anonymous researcher

CVE-2017-7027: an anonymous researcher

CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-7028: an anonymous researcher

CVE-2017-7029: an anonymous researcher

libarchive

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow was addressed through improved bounds checking.

CVE-2017-7068: found by OSS-Fuzz

libxml2

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2017-7010: Apple

CVE-2017-7013: found by OSS-Fuzz

libxpc

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-7047: Ian Beer of Google Project Zero

Messages

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: A remote attacker may cause an unexpected application termination

Description: A memory consumption issue was addressed through improved memory handling.

CVE-2017-7063: Shashank (@cyberboyIndia)

Notifications

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Notifications may appear on the lock screen when disabled

Description: A lock screen issue was addressed with improved state management.

CVE-2017-7058: an anonymous researcher

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-2517: xisigr of Tencent’s Xuanwu Lab (tencent.com)

Safari Printing

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation 

Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs

Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs.

CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana

Telephony

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-8248

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A malicious website may exfiltrate data cross-origin

Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.

CVE-2017-7006: an anonymous researcher, David Kohlbrenner of UC San Diego

Source

Should you Upgrade to 10.3.3?

Yup! Come on, look at that list— save for about 20 minutes of downtime, there’s no benefit to skipping all those security fixes. With the smartphone becoming our most prized possession, due to the amount of sensitive information we store on it, keeping it updated is our best defense. There really is nothing to lose updating. Sure, you might want to wait a day or two just to see if any reports surface regarding issues with the update. For me, these point updates for iOS 10 have been quite trouble-free.

As always, let us know in the comments your experience with the new update: was it slow, fast, did something bad happen or was it just uneventful?

More Reading:

, , ,

One Response to Apple Releases iOS 10.3.3 – What’s Included and Should You Upgrade?

  1. Marsha July 20, 2017 at 7:09 am #

    I have a 2016 Ford Explorer and am experiencing sync problems. My iPhone 7 will connect and play music without a glitch, but I can hold a phone call. It connects every time, but will lose the connection and sometimes reconnect on its own.
    Ford tells me it’s an Apple problem and AT&T problem, but I can’t get any resolution. I keep thinking one of these updates will fix the problem, but they haven’t yet.
    Can you help some how?

Leave a Reply

 

Free Learning

 

Don't miss a single tip, how to or tech news update. Subscribe to my free newsletter and receive updates, right to your inbox.

You have Successfully Subscribed!

21 Shares
Share
Share
+1
Email
WhatsApp