What’s New in the iOS 11.2.5 Update and Should You Upgrade?
The previous 11.2.2 release focused primarily on fixing the CPU vulnerability called Spectre. Version 11.2.5 is more of a feature prep for the upcoming HomePod stereo, along with bug fixes for Mail, Messages, and CarPlay. Users can now ask Siri to play news from sources such as CNN, NPR or Fox News but only for the US, UK, and Australia at this time. The Control Center audio controls get a small revamp, which lets you 3D touch and access available playback sources such as an Apple TV in the top right hand of the music widget. On the security side, the update finally fixes a serious bug in Messages that could be triggered when a malicious link is opened. The iOS 11.2.5 update comes in at 163 MBs and is available for devices such as the iPhone 5s and later, iPad Air and later, and iPod Touch 6th generation. Users can download the update by connecting to a wireless network, launching Settings > General > Software Update then tapping Download and install. Here is a list of additional bug fixes and security updates in iOS 11.2.5: Should you get the update? The update is working just fine on my iPhone 6s at the moment, so, it seems safe enough to grab it. In contrast to 11.2.2 which was a major security fix, this is a more of a routine update. The update was up and running in less than 20 minutes, but as always, do back up, just in case; especially for older devices. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University Core Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2018-4090: Jann Horn of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A race condition was addressed through improved locking. CVE-2018-4092: an anonymous researcher Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4082: Russ Cox of Google Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4093: Jann Horn of Google Project Zero LinkPresentation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2018-4100: Abraham Masri (@cheesecakeufo) QuartzCore Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation. CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro’s Zero Day Initiative Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A certificate may have name constraints applied incorrectly Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates. CVE-2018-4086: Ian Haken of Netflix WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4088: Jeonghoon Shin of Theori CVE-2018-4089: Ivan Fratric of Google Project Zero CVE-2018-4096: found by OSS-Fuzz Source
iOS 11.3 Preview – New Animojis for iPhone X, iCloud Messages, Business Chat
In other news, Apple is already working on it next major update 11.3, which the company previewed today. The update will include new Animojis, which are powered by the exclusive AR feature for iPhone X that maps your facial movement to fun, gimmicky characters. Business Chat, a new messaging feature the company previewed but never released is available in beta. Users will be able to seek customer support from popular businesses such as Hilton, Wells Fargo, and Lowes. There are also further improvements to the Health app and the return of iCloud Messages. We’ll have more details when the final software update is released in the spring. In the meantime, go grab that 11.2.5 update and let us know how it’s working on your Apple device. Comment
Δ