Apple yesterday released iOS 10.3 for the iPhone and iPad, an update that brought with it a number of interesting new features, including a new “Find My AirPods” feature and a brand new file system dubbed APFS (complete with full disk encryption) that Apple originally introduced at WWDC last year.
Lurking beneath the surface of iOS 10.3, however, are a number of important security updates worth highlighting. iOS has always been a rather robust OS, but as the recent CIA leak from Wikileaks demonstrates, there are always hackers and government agencies dead set on unearthing and exploiting iOS security holes.
As a prime example, iOS 10.3 fixes a Safari security vulnerability that allowed hackers to prevent affected users from browsing the web (via an endless stream of pop-ups) without ponying up some cash in the form of an iTunes gift card code.
Lookout, the security firm which first discovered the attack a few weeks ago, writes of the patch:
Lookout found this attack in the wild last month, along with several related websites used in the campaign, discovered the root cause, and shared the details with Apple. As part of the iOS 10.3 patch released today, Apple closed the attack vector by changing how Mobile Safari handles website pop-up dialogs, making them per-tab rather than taking over the entire app.
All told, iOS 10.3 introduces hundreds of security fixes, a tally which makes iOS 10.3 an update you’d be well advised to download sooner rather than later. While some of the fixes are rather obscure, a good number of them address exploits that allow for arbitrary code execution with root privileges.
A full list of Apple’s numerous security fixes in iOS 10.3 can be viewed over here.