With 3 days to go before the iPhone X arrives, Apple releases iOS 11.1 for iPhone and iPad devices. 70 new emojis and many improvements, such as battery performance and 3D Touch.
Apple has released the latest version for our devices, something we had been waiting for after some of the bugs that have been appearing. Although we have yet to update our own devices, it is fair to say that iOS 11.1 should have been iOS 11.0.
Fixes made by Apple
In a more detailed description from Apple, these are the changes made to stabilize iOS 11.1:
CoreText
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing a maliciously crafted text file may lead to an unexpected application termination
- Description: A denial of service issue was addressed through improved memory handling.
- CVE-2017-13849: Ro of SavSec
Kernel
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-13799: an anonymous researcher
Messages
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
- Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.
- CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC
Siri
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen
- Description: An issue existed with Siri permissions. This was addressed with improved permission checking.
- CVE-2017-13805: an anonymous researcher
StreamingZip
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious zip file may be able to modify restricted areas of the file system
- Description: A path handling issue was addressed with improved validation.
- CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
UIKit
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Characters in a secure text field might be revealed
- Description: The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management.
- CVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd
WebKit
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13784: Ivan Fratric of Google Project Zero
- CVE-2017-13783: Ivan Fratric of Google Project Zero
- CVE-2017-13785: Ivan Fratric of Google Project Zero
- CVE-2017-13788: xisigr of Tencent’s Xuanwu Lab (tencent.com)
- CVE-2017-13802: Ivan Fratric of Google Project Zero
- CVE-2017-13792: Ivan Fratric of Google Project Zero
- CVE-2017-13795: Ivan Fratric of Google Project Zero
- CVE-2017-13798: Ivan Fratric of Google Project Zero
- CVE-2017-13796: Ivan Fratric of Google Project Zero
- CVE-2017-13794: Ivan Fratric of Google Project Zero
- CVE-2017-13793: Hanul Choi working with Trend Micro’s Zero Day Initiative
- CVE-2017-13791: Ivan Fratric of Google Project Zero
- CVE-2017-13803: chenqin (陈钦) of Ant-financial Light-Year Security
Wi-Fi
- Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
- Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks – KRACK)
- Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
- CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven