Update your Apple products today!

March 29, 2017

It’s patch day at Apple!

Apple have been busy over the last few months and have released four new versions of its four operating systems for all its devices — iOS 10.3, macOS 10.12.4, watchOS 3.2 and tvOS 10.2.

iPhone:

iOS 10.3 adds Find My AirPods. You can see them on a map if they’re connected to an iOS device or you can play an alarm if you have an AirPod hidden below a stack of magazines. And if they’re not around, you can see the last location when your phone was connected to your AirPods.

Apple is updating all iOS devices to APFS in the background with a new file system. This should be completely transparent for the user, but it’s a major change as this new file system has been designed from the ground up to work with mobile, always-on devices with flash storage.

In watchOS 3.2, Apple is finally updating Siri to let you use Siri with third-party apps, just like on your phone. For instance, you could order a Lyft or call someone using WhatsApp from your Apple Watch. There’s also a new Theater Mode button so that the screen remains dark in a movie theater.

On macOS, Apple is bringing Night Shift. It favors warmer colors at night. This should allegedly improve your sleep. Real-time collaboration in iWork on macOS and iOS is out of beta.

From a security perspective, we got updates to macOS and iOS, but Apple also jam-packed a ton of security fixes into all its software. Totaling nearly 350 known vulnerabilities, Apple has pushed to make all its software more secure.

Another update for both iOS and macOS is a fix to a vulnerability where connecting to what appears to be a secure server actually opens the door for remote code execution. Talos, a threat intelligence organization, shared details on their CVE-2017-2485. The vulnerability discovered showed that when a Safari browser navigated to a HTTPS site, macOS and iOS would validate the invalid and malicious certificate leaving the user open to attack. Talos also mentioned that the vulnerability existed within Chrome as well.

For example, iOS 10.3 fixes a security hole that allowed attackers to spam Safari with a ‘Cannot Open Page’ dialog. Lookout, a cybersecurity company, learned of the attack after one of their users complained of losing control over their browsing experience. The dialog was meant to trick users into eventually paying money to “unlock” their Safari browser.

Another update for both iOS and macOS is a fix to a vulnerability where connecting to what appears to be a secure server actually opens the door for remote code execution. Talos, a threat intelligence organization, shared details on their CVE-2017-2485. The vulnerability discovered showed that when a Safari browser navigated to a HTTPS site, macOS and iOS would validate the invalid and malicious certificate leaving the user open to attack. Talos also mentioned that the vulnerability existed within Chrome as well.

 

For expert support on Apple products and any questions, queries or concerns you may have, please reach out to us:

info@computezero.com

045561570