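On May 16 (May 15 local time), Apple released iOS 10.3.2, the second corrective update to iOS 10.3 for iPhone, iPad and iPod touch. Users with a compatible iPhone, iPad or iPod touch can now download and install this latest firmware, which brings improvements, feature additions and stability enhancements.
Unlike iOS 10.3.1, which was released previously on April 4, this iOS 10.3.2 update is not an urgent one; it was released after being polished through a beta process of more than a month, counting from the first beta release (April 4).
Apple began the iOS 10.3.2 beta process by skipping over iOS 10.3.1, and then hurriedly released iOS 10.3.1 to support older 32-bit iOS devices. The final release of iOS 10.3.2 brings no such surprise. What can be expected is a polishing of iOS 10.3, and the changes are limited to minor fixes. There are no new features and no outwardly noticeable changes to existing features. In fact, Apple's release notes are as curt as the following.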
iOS 10.3.2 includes bug fixes and improvements to security issues on iPhone or iPad.
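The smaller fixes include items of interest to users who use Siri or own a CarPlay-compatible car. Apple says it has made improvements so that the new SiriKit car commands work as expected.
In addition, as noted above, iOS 10.3.2 contains not only bug fixes but also improvements to security issues, so the security of iPhone and iPad is improved. The details are published on Apple Support as follows.
Security content of iOS 10.3.2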
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites without user permission
Description: A URL handling issue was addressed through improved state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with root privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an application denial of service
Description: An issue in Safari’s history menu was addressed through improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2530: an anonymous researcher
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro’s Zero Day Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in frame loading. This issue was addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
To update an iOS device, launch the Settings app and update OTA (over the air) via [Settings] → [General] → [Software Update].