Apple releases major security update with iOS 10.2.1

Apple releases major security update with iOS 10.2.1 [Image: Pinkypills via iStock]

Apple has released its latest update to its iOS software and it has garnered both praise and criticism.

The update was issued to patch security vulnerabilities, including a number relating to WebKit, the layout engine software component behind Apple’s Safari browser.

It doesn’t come with any new features or useful tricks, but it will remove the security flaws that Apple has detailed on its website. As well as the WebKit issues, Apple has patched vulnerabilities around kernel, contacts libarchive, Unlock with iPhone and WiFi.

Since these are all problems with potentially devastating consequences, it is an urgent update so all iPhone, iPad and iPod users should download it as soon as is reasonable. This is particularly true if you are using your device for work purposes.

The two kernel flaws are particularly concerning, as they can allow a malicious application to execute arbitrary code with kernel privileges. This could result in the app taking control of the device.

Speaking to Wired, JP Taggart, senior security researcher at Malwarebytes, said: “It can add files, delete files, or execute any actions.

“Want to record conversations and forward them to someone else? It can do that. Want to install additional malicious software? It can do that. Want to uninstall programs on the affected phone? It can do that. Want to hide these actions, programs and files from the user? It can do that too.”

According to Brian Barrett, writing in Wired, “several of the WebKit vulnerabilities can also lead to arbitrary code execution, and may be even more alarming”. He explained that this is because “while Apple can limit the number of malicious apps in its ecosystem through App Store vetting, WebKit presents a less filtered opportunity for malice”.

Although the update does bolster the security of people’s devices, it has not been entirely well received.

One of the problems with the update, according to tech blogger and Forbes columnist Gordon Kelly, is that Apple has not addressed the issue with devices running out of battery life when they reach 30 per cent.

Mr Kelly said that this bug can affect every Apple device apart from the iPhone 7 and 7 Plus, making it a problem for a vast amount of people.

Apple has responded to the issue – which is now widely considered a bug – by recalling a limited number of iPhone 6S smartphones. However, Mr Kelly has pointed out that they have not acknowledged that the bug exists.

He added that Apple has already planned its next software update to include a major feature – Theatre Mode – so will be unlikely to remedy the problem of devices switching off when they reach a certain power level.