Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: Apple iOS 10 and 10.0.1 Released - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple iOS 10 and 10.0.1 Released

On top of today being Patch Tuesday, Apple has released IOS 10 sometime today as well.  They also released 10.0.1, with not a lot of detail behind that release (maybe something was missed?)

Security details for 10.0 : https://support.apple.com/en-ca/HT207143
Security details for 10.0.1: https://support.apple.com/en-ca/HT207145 (an almost empty page)

Highlights are:

MiTM attacks on Apple Updates
Autocorrect pulling sensitive data from cache (again)
Issues with Certificate Trust in Mail app allows MiTM
Airprint Temp file sanitization
SMS directory exposed to malicious apps

 

None of these Apple or Microsoft updates are what you'd call "small" - let's hope we don't break the internet today (just kidding, I think).

Happy Patching everyone!

===============

Rob VandenBrink
Compugen

Rob VandenBrink

481 Posts
ISC Handler
It looks like the initial release bricked some devices. Read more here:

Apple’s iOS 10 Download Was Bricking iPhones. It’s Fixed Now - https://www.wired.com/2016/09/ios-10-bricks-iphones/
Anonymous

Sign Up for Free or Log In to start participating in the conversation!