Posted in Specs

iOS 9.3.3 Released – How to Install


iOS9 logo

Apple has released iOS version 9.3.3. As always, make a backup of your iOS device before performing the update.

To update, tap Settings > General > Software Update. Then tap on install. You may be required to use a Wi-Fi network.

According to Apple, the new release includes the following security fixes and improvements:

Calendar

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart

Description: A null pointer dereference was addressed through improved memory handling.

CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center

CoreGraphics

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A remote attacker may be able to execute arbitrary code

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)

FaceTime

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated

Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.

CVE-2016-4635 : Martin Vigo

ImageIO

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A remote attacker may be able to cause a denial of service

Description: A memory consumption issue was addressed through improved memory handling.

CVE-2016-4632 : Evgeny Sidorov of Yandex

ImageIO

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A remote attacker may be able to execute arbitrary code

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)

IOAcceleratorFamily

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2016-4628 : Ju Zhu of Trend Micro

IOAcceleratorFamily

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: A null pointer dereference was addressed through improved validation.

CVE-2016-4627 : Ju Zhu of Trend Micro

IOHIDFamily

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: A null pointer dereference was addressed through improved input validation.

CVE-2016-4626 : Stefan Esser of SektionEins

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1863 : Ian Beer of Google Project Zero

CVE-2016-1864 : Ju Zhu of Trend Micro

CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to cause a system denial of service

Description: A null pointer dereference was addressed through improved input validation.

CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

libxml2

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Multiple vulnerabilities in libxml2

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-4448 : Apple

CVE-2016-4483 : Gustavo Grieco

CVE-2016-4614 : Nick Wellnhofer

CVE-2016-4615 : Nick Wellnhofer

CVE-2016-4616 : Michael Paddon

CVE-2016-4619 : Hanno Boeck

libxml2

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.

CVE-2016-4449 : Kostya Serebryany

libxslt

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Multiple vulnerabilities in libxslt

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1684 : Nicolas Grégoire

CVE-2016-4607 : Nick Wellnhofer

CVE-2016-4608 : Nicolas Grégoire

CVE-2016-4609 : Nick Wellnhofer

CVE-2016-4610 : Nick Wellnhofer

CVE-2016-4612 : Nicolas Grégoire

Safari

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a malicious website may lead to user interface spoofing

Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.

CVE-2016-4604 : xisigr of Tencent’s Xuanwu Lab (www.tencent.com)

Sandbox Profiles

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local application may be able to access the process list

Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.

CVE-2016-4594 : Stefan Esser of SektionEins

Siri Contacts

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A person with physical access to a device may be able to see private contact information

Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.

CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)

Web Media

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Viewing a video in Safari’s Private Browsing mode displays the URL of the video outside of Private Browsing mode

Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.

CVE-2016-4603 : Brian Porter (@portex33)

WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may result in the disclosure of process memory

Description: A memory initialization issue was addressed through improved memory handling.

CVE-2016-4587 : Apple

WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a malicious website may disclose image data from another website

Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.

CVE-2016-4583 : Roeland Krak

WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may compromise user information on the file system

Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.

CVE-2016-4591 : ma.la of LINE Corporation

WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks

CVE-2016-4622 : Samuel Gross working with Trend Micro’s Zero Day Initiative

CVE-2016-4623 : Apple

CVE-2016-4624 : Apple

WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a malicious website may lead to user interface spoofing

Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.

CVE-2016-4590 : xisigr of Tencent’s Xuanwu Lab (www.tencent.com)

WebKit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted webpage may lead to a system denial of service

Description: A memory consumption issue was addressed through improved memory handling.

CVE-2016-4592 : Mikhail

WebKit JavaScript Bindings

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service

Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.

CVE-2016-4651 : Obscure

WebKit Page Loading

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious website may exfiltrate data cross-origin

Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.

CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)

WebKit Page Loading

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s