Published On: Tue, Sep 19th, 2017

Today’s iOS 11 Update Fixes Persistent Denial-of-Service, Unencrypted Backup & Several Other Security Issues

Exchange ActiveSync

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

ios-11-battery-life-saving-tips-2Related iOS 11 Battery Life Saving Tips for iPhone iPad Users [Guide]

Impact: An assailant in a absolved network position might be means to erase a device during Exchange comment setup

Description: A validation emanate existed in AutoDiscover V1. This emanate was addressed by requiring TLS.

CVE-2017-7088: Ilya Nesterov, Maxim Goncharov

iBooks

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Parsing a maliciously crafted iBooks record might lead to a determined denial-of-service

Description: Multiple rejection of use issues were addressed by softened memory handling.

CVE-2017-7072: Jędrzej Krysztofiak

Mail MessageUI

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Processing a maliciously crafted picture might lead to a rejection of service

Description: A memory crime emanate was addressed with softened validation.

CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital

Messages

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Processing a maliciously crafted picture might lead to a rejection of service

Description: A rejection of use emanate was addressed by softened validation.

CVE-2017-7118: Kiki Jiang and Jason Tokoph

MobileBackup

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Backup might perform an unencrypted backup notwithstanding a requirement to perform usually encrypted backups

Description: A permissions emanate existed. This emanate was addressed with softened accede validation.

CVE-2017-7133: Don Sparks of HackediOS.com

Safari

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Visiting a antagonistic website might lead to residence bar spoofing

Description: An unsuitable user interface emanate was addressed with softened state management.

CVE-2017-7085: xisigr of Tencent’s Xuanwu Lab (tencent.com)

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Visiting a antagonistic website might lead to residence bar spoofing

Description: An unsuitable user interface emanate was addressed with softened state management.

CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod hold 6th generation

Impact: Processing maliciously crafted web calm might lead to concept cranky site scripting

Description: A proof emanate existed in a doing of a parent-tab. This emanate was addressed with softened state management.

CVE-2017-7089: Frans Rosén of Detectify, Anton Lopanitsyn of ONSEC

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>