Apple veröffentlicht iOS 10.3.2 mit Fehlerbehebungen und Sicherheitsverbesserungen [14F90]

Apple veröffentlicht iOS 10.3.2 mit Fehlerbehebungen und Sicherheitsverbesserungen [14F90]

Der US-Konzern Apple hat im Laufe des Abends ein weiteres Update für iPhone 5 oder neuer, iPad 4 oder neuer, iPad mini 2 oder neuer sowie iPod touch der sechsten Generation und neuer veröffentlicht und zum Download freigegeben. Das Update umfasst Fehlerbehebungen und verbessert die Sicherheit von iPhone und iPad, mit neuen Features ist also laut Apple nicht zu rechnen. Das Update ist mit iPhone 5 und neuer, iPad 4 und neuer und iPad mini 2 und neuer und mit iPod touch der sechsten Generation kompatibel und steht ab sofort sowohl Over-the-Air als auch zum Download über die iTunes-Software bereit. Eine Übersicht über alle Neuerungen und Verbesserungen in iOS 10.3.2 findet ihr im Abschnitt Release Notes.

iOS 10

iOS 10.3.2 ist jetzt als kostenloses Software Update für iPhone, iPad und iPod touch erhältlich.

Download -> iOS 10.3.2 für iPhone, iPad und iPod touch herunterladen

Das iOS 10.3.2 Update ist bis zu 2.3 Gigabyte groß und kann ab sofort sowohl Over-the-Air als über iTunes geladen und installiert werden, dazu muss vorher das Gerät mit dem Computer verbunden werden.

iOS 10.3.2 für iPhone, iPad und iPod manuell herunterladen

Wer das Update weder über iTunes noch Over-the-Air über die WLAN-Verbindung, sondern direkt laden möchte, kann sich das mit iPhone 5 und neuer, iPad 4 und neuer, iPad mini 2 und neuer sowie mit dem iPod touch der sechsten Generation und neuer kompatible Update direkt von hier aus herunterladen.

iOS 10.3.2 Download links für das iPhone [14F89]

iOS 10.3.2 für iPhone 7 -> iPhone_7_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPhone 7+ -> iPhone_7Plus_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPhone SE -> iPhone_4.0_64bit_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPhone 6 und 6s -> iPhone_4.7_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPhone 6+ und 6s+ -> iPhone_5.5_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPhone 5s -> iPhone_4.0_64bit_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPhone 5 und 5c -> iPhone_4.0_32bit_10.3.2_14F89_Restore.ipsw

iOS 10.3.2 Download links für das iPad [14F89]

iOS 10.3.2 für iPad Pro -> iPad_6,11_iPad_6,12_10.3.2_14F90_Restore.ipsw
iOS 10.3.2 für iPad Pro 9.7 -> iPadPro_9.7_10.3_14E277_Restore.ipsw
iOS 10.3.2 für iPad Pro 12.9 -> iPadPro_9.7_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPad Air 2 -> iPad_64bit_TouchID_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPad Air -> iPad_64bit_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPad 4 -> iPad_32bit_10.3.2_14F89_Restore.ipsw

iOS 10.3.2 Download links für das iPad mini [14F89]

iOS 10.3.2 für iPad mini 2 -> iPad_64bit_10.3.2_14F89_Restore.ipsw
iOS 10.3.2 für iPad mini 3 und 4 -> iPad_64bit_TouchID_10.3.2_14F89_Restore.ipsw

iOS 10.3.2 Download links für den iPod touch [14F89]

iOS 10.3.2 für iPod touch 6G -> iPodtouch_10.3.2_14F89_Restore.ipsw

Informationen zu den Sicherheitsaspekten dieses Updates sind hier erhältlich.

Dieses Update enthält folgende Neuerungen, Verbesserungen und Fehlerbehebungen:

  • iOS 10.3.2 enthält Fehlerbehebungen und verbessert die Sicherheit deines iPhone und iPad.

Hier wird der Sicherheitsinhalt von iOS 10.3.1 beschrieben

AVEVideoEncoder

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to gain kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

CoreAudio

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

iBooks

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted book may open arbitrary websites without user permission
  • Description: A URL handling issue was addressed through improved state management.
  • CVE-2017-2497: Jun Kokatsu (@shhnjk)

iBooks

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with root privileges
  • Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
  • CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

IOSurface

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to gain kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A race condition was addressed through improved locking.
  • CVE-2017-2501: Ian Beer of Google Project Zero

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2017-2507: Ian Beer of Google Project Zero
  • CVE-2017-6987: Patrick Wardle of Synack

Notifications

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to cause a denial of service
  • Description: A denial of service issue was addressed through improved memory handling.
  • CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), and Joseph Shenton of CoffeeBreakers

Safari

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Visiting a maliciously crafted webpage may lead to an application denial of service
  • Description: An issue in Safari's history menu was addressed through improved memory handling.
  • CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

Security

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Update to the certificate trust policy
  • Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.
  • CVE-2017-2498: Andrew Jerman

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted SQL query may lead to arbitrary code execution
  • Description: A use after free issue was addressed through improved memory management.
  • CVE-2017-2513: found by OSS-Fuzz

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted SQL query may lead to arbitrary code execution
  • Description: A buffer overflow issue was addressed through improved memory handling.
  • CVE-2017-2518: found by OSS-Fuzz
  • CVE-2017-2520: found by OSS-Fuzz

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted SQL query may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-2519: found by OSS-Fuzz

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved input validation.
  • CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
  • CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

TextInput

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Parsing maliciously crafted data may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-2524: Ian Beer of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2017-2496: Apple
  • CVE-2017-2505: lokihardt of Google Project Zero
  • CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
  • CVE-2017-2514: lokihardt of Google Project Zero
  • CVE-2017-2515: lokihardt of Google Project Zero
  • CVE-2017-2521: lokihardt of Google Project Zero
  • CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
  • CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
  • CVE-2017-2530: an anonymous researcher
  • CVE-2017-2531: lokihardt of Google Project Zero
  • CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
  • CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
  • CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
  • CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative
  • CVE-2017-6980: lokihardt of Google Project Zero
  • CVE-2017-6984: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.
  • CVE-2017-2504: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.
  • CVE-2017-2508: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.
  • CVE-2017-2510: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.
  • CVE-2017-2528: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues with addressed through improved memory handling.
  • CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in frame loading. This issue was addressed with improved state management.
  • CVE-2017-2549: lokihardt of Google Project Zero

WebKit Web Inspector

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute unsigned code
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-2499: George Dan (@theninjaprawn)

Informationen zu den Sicherheitsaspekten dieses Updates sind hier erhältlich.

iPhone, iPad oder iPod touch aktualisieren

iOS 10.3.2 ist als Software Update für iPhone, iPad und iPod touch ab sofort erhältlich und ist mit iPhone 7, iPhone 7+, iPhone SE, iPhone 6s, iPhone 6s+, iPhone 6, iPhone 6+, iPhone 5s, iPhone 5c, iPhone 5, iPad Pro, iPad Air 2, iPad Air, iPad 4th, iPad mini 4, iPad mini 3, iPad mini 2 und iPod touch 6th kompatibel.

Kommentare sind geschlossen
it-blogger.net
Copyright © 2017 Valdet Beqiraj it-blogger.net