{"id":6267,"date":"2017-01-23T13:46:04","date_gmt":"2017-01-23T21:46:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-120\/"},"modified":"2017-01-23T13:46:04","modified_gmt":"2017-01-23T21:46:04","slug":"news-120","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-120\/","title":{"rendered":"The New iOS Update Fixes Big Security Holes, So Get It Now"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/assets.wired.com\/photos\/w_1000\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg\"\/><\/p>\n<article class='content link-underline relative body-copy' data-js='content' itemprop=\"articleBody\">\n<div id=\"small-art\" data-share>\n<figure id=\"attachment_2150391\" class=\"carve wp-caption square alignnone  relative\" data-js=\"\">\n<div class=\"ui-social-wrapper image absolute top right\">\n<ul class=\"no-marg\">\n<li><a class=\"fb clearfix no-underline no-outline\" onclick=\"window.open( 'https:\/\/www.facebook.com\/dialog\/feed?display=popup&#038;app_id=719405864858490&#038;link=https%3A%2F%2Fwww.wired.com%2F2017%2F01%2Fnew-ios-update-fixes-big-security-holes-get-now%2F&#038;picture=https%3A%2F%2Fwww.wired.com%2Fwp-content%2Fuploads%2F2017%2F01%2Fiphone-crop.jpg&#038;redirect_uri=https%3A%2F%2Fwww.wired.com%2F2017%2F01%2Fnew-ios-update-fixes-big-security-holes-get-now%2F' , 'Facebook' , 'height=580, width=730' )\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ui ui-social-xtra-sm ui-fb-xtra-sm active bg-fb\"><\/i><\/a><\/li>\n<li><a  class=\"pint clearfix no-underline no-outline\" onclick=\"window.open( 'https:\/\/pinterest.com\/pin\/create\/button\/?url=https%3A%2F%2Fwww.wired.com%2F2017%2F01%2Fnew-ios-update-fixes-big-security-holes-get-now%2F&#038;is_video=true&#038;media=https:\/\/www.wired.com\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg&#038;description=The%20New%20iOS%20Update%20Fixes%20Big%20Security%20Holes%2C%20So%20Get%20It%20Now%20%7C%20%20%20%7C%20Credit%3AWired%20%7C%20From%20WIRED.com' , 'Pinterest' , 'height=580, width=730' )\"><i aria-hidden=\"true\" role=\"presentation\" data-js=\"social\"  class=\"ui ui-social-xtra-sm ui-pint-xtra-sm active bg-pint\"><\/i><\/a><\/li>\n<\/ul><\/div>\n<p><img decoding=\"async\" class=\"size-default-top-art wp-image-2150391\" srcset=\"https:\/\/assets.wired.com\/photos\/w_280\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 280w, https:\/\/assets.wired.com\/photos\/w_289\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 289w, https:\/\/assets.wired.com\/photos\/w_335\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 335w, https:\/\/assets.wired.com\/photos\/w_560\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 560w, https:\/\/assets.wired.com\/photos\/w_578\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 578w, https:\/\/assets.wired.com\/photos\/w_582\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 582w, https:\/\/assets.wired.com\/photos\/w_670\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 670w, https:\/\/assets.wired.com\/photos\/w_1000\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg 1000w\" sizes=\"(min-width: 768px) 289px, (max-width: 767px) calc(100vw - (20px * 2)), 582px\" data-pin-description=\"The New iOS Update Fixes Big Security Holes, So Get It Now\" src=\"https:\/\/assets.wired.com\/photos\/w_1000\/wp-content\/uploads\/2017\/01\/iphone-crop.jpg\" \/><figcaption class=\"wp-caption-text link-underline\"><!--Generated in 0.697 ms--> <span class=\"marg-r-micro\"><\/span><span class=\"credit link-underline-sm\"><span aria-hidden=\"true\" class=\"ui ui-photo inline-block ui-credit relative opacity-6 marg-r-sm no-caption\"><\/span>Wired<\/span><\/figcaption><\/figure>\n<\/p><\/div>\n<p>Apple updates iOS with enough regularity that it begins to feel routine. And most time, it is, especially the farther you get from the company\u2019s yearly, feature-packed version overhauls. iOS 10.2.1, released today, is not routine. In fact, it\u2019s very important that you download it as soon as you reasonably can.<\/p>\n<p>Most iOS updates involve security fixes of varying severity. iOS 10.2.1, though, protects against a wide range of potentially devastating attacks. <\/p>\n<p>Apple <a href=\"https:\/\/support.apple.com\/en-us\/HT207482\" target=\"_blank\">details<\/a> over a dozen vulnerabilities in all in the iOS 10.2.1 release, including 11 focused around WebKit, the browser engine behind Safari, the App Store, and lots of iOS apps. They also include two instances in which a malicious application could execute arbitrary code with kernel privileges, which is to say, it could take complete control of your device.<\/p>\n<p>\u201cIt can add files, delete files, or execute any actions,\u201d says JP Taggart, senior security researcher at Malwarebytes. \u201cWant to record conversations and forward them to someone else? It can do that. Want to install additional malicious software? It can do that. Want to uninstall programs on the affected phone? It can do that. Want to hide these actions, programs and files from the user? It can do that too.\u201d<\/p>\n<p>Several of the WebKit vulnerabilities can also lead to arbitrary code execution, and may be even more alarming. That\u2019s because while Apple can limit the number of malicious apps in its ecosystem through App Store vetting, WebKit presents a less filtered opportunity for malice. <\/p>\n<p>If there\u2019s a bright side to the update announcement, it\u2019s that it took some of the best researchers to find them. Google\u2019s <a href=\"https:\/\/www.wired.com\/2014\/07\/google-project-zero\/\" target=\"_blank\">Project Zero<\/a>, in particular, reported nine of the vulnerabilities. It\u2019s impossible to know for sure, but that makes it unlikely that either awareness or use of these opportunities were widely known among bad actors.<\/p>\n<p>\u201cThese were some top notch hackers who found them, so the bar was quite high,\u201d says iOS forensics expert Jonathan Zdziarski. <\/p>\n<p>If they were used, says Taggart, it would most likely have been by nation-states against high-profile targets. And there\u2019s likely not enough information in Apple\u2019s disclosure to start a broader rash of attacks in the near future.<\/p>\n<p>Still, all it takes to be sure in your security is a quick firmware update. When you have a good Wi-Fi connection, go to <strong>Settings > General > Software Update<\/strong>. Tap Download and Install. Go get a coffee or something, and by the time you\u2019re back, you should be all patched up. (You can also update through iTunes, if you insist.) <\/p>\n<p>Do it today, if you can. While the bad guys may not know exactly how to compromise your iPhone, they know that it\u2019s possible. \u201cThey now know where to concentrate their efforts,\u201d says Taggart,\u201d and what will yield the best results. <\/p>\n<p><em>Additional reporting by Andy Greenberg.<\/em><\/p>\n<p><a href=\"https:\/\/www.wired.com\/2017\/01\/new-ios-update-fixes-big-security-holes-get-now\/\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"rss_thumbnail\"><img decoding=\"async\" src=\"https:\/\/www.wired.com\/wp-content\/uploads\/2017\/01\/iphone-660x330.jpg\" alt=\"The New iOS Update Fixes Big Security Holes, So Get It Now\" \/><\/div>\n<p>Apple just released an iOS update full of security fixes that you need to jump on. The post <a href=\"https:\/\/www.wired.com\/2017\/01\/new-ios-update-fixes-big-security-holes-get-now\/\">The New iOS Update Fixes Big Security Holes, So Get It Now<\/a> appeared first on <a href=\"https:\/\/www.wired.com\">WIRED<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[2211,10480,10750,8826,10751,714,10752,10753],"class_list":["post-6267","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-apple","tag-ios","tag-ios-10-2-1","tag-iphone","tag-patches","tag-security","tag-vulnerabilities","tag-webkit"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6267"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6267\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6267"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}