Advertisement

Why you should download Apple’s iOS 10.2.1 right now

Apple released a security heavy update to its mobile operating system known as iOS, Monday, which should help fix over a dozen existing software vulnerabilities currently affecting iPhones, iPads and iPods.
(Jun Seita / Flickr)

Apple released Monday a security-heavy update to its mobile operating system iOS, which should help fix over a dozen existing software vulnerabilities currently affecting iPhones, iPads and iPods.

The newly introduced iOS 10.2.1 will help protect users from a wide range of potentially serious cyberattacks, including the downloading of specific, malicious phone applications that can help adversaries take complete control of the device.

The software update targets issues discovered by researchers in WebKit, the browser engine behind Safari, Apple’s App Store, and several native iOS apps. Some of the aforementioned vulnerabilities would allow for arbitrary code execution, enabling a hacker to remotely edit code and launch specific programs or features. With such a capability, data siphoning and other digital espionage activities could be accomplished.

Although the vulnerabilities are significant, it took some of the world’s best security researchers to discover.

Advertisement

“These were some top notch hackers who found them, so the bar was quite high,” iOS forensics expert Jonathan Zdziarski told Wired.

Google’s elite security unit known as Project Zero reported nine of the catalogued iOS vulnerabilities.

This is not the first time Apple has pushed out a comprehensive security update following the disclosure of a potentially damaging software vulnerability.

When a unique malware variant designed to spy on iPhones was found lurking on the digital communications of a Middle Eastern human rights activist last summer, Apple moved quickly to provide an iOS update that ultimately patched multiple backdoors.

The spyware, dubbed Pegasus, had been designed by an Israeli defense contractor named NSO Group. Pegasus allowed for attackers to remotely exfiltrate data related to a device’s browsing history, emails, text messages, contact lists, photos and more. Pegasus similarly targeted kernel privileges and led to arbitrary code execution.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts