iOS 10.3.2 Officially Released with 23 Bug Fixes

Apple has released the final version of iOS 10.3.2 to the public, after just about a month and a half of beta testing. Notably, the update fixes and patches a whopping 23 known issues and bugs.

Like the iOS 10.3.1 update before it, Apple’s newest OS firmware is an incremental update packed with under-the-hood bug fixes, security improvements and performance enhancing patches. No forward-facing changes or new features have been discovered so far, so it’s likely that the patch is just a security and bug fix update (but that makes it no less important). A full list of the included fixes is available below.

The new iOS update manages to squash a wide range of various bugs, including two bugs in iBooks — one of which would allow a malicious book to open websites without user permission. A similar bug in Safari would allow malicious websites to apply an application denial of service. The patch also fixes a Kernel bug, a Notifications issue, several SQLite bugs and a total of eight WebKit bugs, among several others.

It’s important to note that, with the security fix announcement, these bugs and exploits are now public knowledge. In turn, it’s definitely a good idea to update your device to iOS 10.3.2 as soon as possible to prevent attackers from using these now-patched vulnerabilities on iOS devices running older versions. iOS 10.3.2 can be installed on any iOS device that can run iOS 10 — which includes the following:

• iPhone 5 and newer
• Fourth-gen iPad and newer
• iPad mini 2 and newer
• All iPad Pro models
• Sixth-gen iPod Touch and newer

iOS 10.3.2 is currently available as an over-the-air update for the devices above. Alternatively, you can download and install the update via iTunes.

iOS 10.3.2 Security Fixes (list of 23)

1. AVEVideoEncoder

   Impact: An application may be able to gain kernel privileges. A memory corruption issue was addressed with improved memory handling.

2. CoreAudio

   Impact: An application may be able to read restricted memory. A validation issue was addressed with improved input sanitization.

3. iBooks

   Impact: A maliciously crafted book may open arbitrary websites without user permission. A URL handling issue was addressed through improved state management.

   Impact: An application may be able to execute arbitrary code with root privileges.  An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

4. IOSurface

   Impact: An application may be able to gain kernel privileges.  A memory corruption issue was addressed with improved memory handling.

5. Kernel

   Impact: An application may be able to execute arbitrary code with kernel privileges.  A race condition was addressed through improved locking.

   Impact: An application may be able to read restricted memory.  A validation issue was addressed with improved input sanitization.

6. Notifications

   Impact: An application may be able to cause a denial of service.  A denial of service issue was addressed through improved memory handling.

7. Safari

   Impact: Visiting a maliciously crafted webpage may lead to an application denial of service.  An issue in Safari’s history menu was addressed through improved memory handling.

8. Security

   Impact: Update to the certificate trust policy.  A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.

9. SQLite

   Impact: A maliciously crafted SQL query may lead to arbitrary code execution.  A use after free issue was addressed through improved memory management.

   Impact: A maliciously crafted SQL query may lead to arbitrary code execution.  A buffer overflow issue was addressed through improved memory handling.

   Impact: A maliciously crafted SQL query may lead to arbitrary code execution.  A memory corruption issue was addressed with improved memory handling.

   Impact: Processing maliciously crafted web content may lead to arbitrary code execution.  Multiple memory corruption issues were addressed with improved input validation.

10. TextInput

    Impact: Parsing maliciously crafted data may lead to arbitrary code execution.  A memory corruption issue was addressed with improved memory handling.

11. WebKit

    Impact: Processing maliciously crafted web content may lead to arbitrary code execution.  Multiple memory corruption issues were addressed with improved memory handling.

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting.  A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting.  A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.

    Impact: Processing maliciously crafted web content may lead to arbitrary code execution.  Multiple memory corruption issues with addressed through improved memory handling.

    Comment

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in frame loading. This issue was addressed with improved state management.

12. WebKit Web Inspector

    Impact: An application may be able to execute unsigned code.  A memory corruption issue was addressed with improved memory handling.