Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple iOS 10 and 10.0.1 Released SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple iOS 10 and 10.0.1 Released

On top of today being Patch Tuesday, Apple has released IOS 10 sometime today as well.  They also released 10.0.1, with not a lot of detail behind that release (maybe something was missed?)

Security details for 10.0 : https://support.apple.com/en-ca/HT207143
Security details for 10.0.1: https://support.apple.com/en-ca/HT207145 (an almost empty page)

Highlights are:

MiTM attacks on Apple Updates
Autocorrect pulling sensitive data from cache (again)
Issues with Certificate Trust in Mail app allows MiTM
Airprint Temp file sanitization
SMS directory exposed to malicious apps

 

None of these Apple or Microsoft updates are what you'd call "small" - let's hope we don't break the internet today (just kidding, I think).

Happy Patching everyone!

===============

Rob VandenBrink
Compugen

Rob VandenBrink

548 Posts
ISC Handler
Sep 13th 2016
It looks like the initial release bricked some devices. Read more here:

Apple’s iOS 10 Download Was Bricking iPhones. It’s Fixed Now - https://www.wired.com/2016/09/ios-10-bricks-iphones/
Anonymous

Sign Up for Free or Log In to start participating in the conversation!