Late last year, a teenager attempting to collect a bug bounty from Apple exploited a flaw that allowed him to open apps and make phone calls on an iPhone remotely. To demonstrate how serious the flaw was, he shared code that caused iPhones to repeatedly dial 911, for which he was arrested. Months later, Apple has confirmed that the flaw exploited in the hack has been patched in the recently released iOS 10.3.
iOS 10.3 rolled out to the public on Monday, but it wasn’t until Friday morning that the Wall Street Journal published a story confirming that the exploit had been fixed in the latest version of the software.
The code only triggered 911 calls from iPhones, exploiting a feature in the smartphone’s software that allows users to click on a phone number and immediately initiate a call. Apple says the update supersedes that capability and now requires users to always press a second confirmation before initiating a call.
According to the report, Apple worked with app developers to solve the problem, and now that the fix has been implemented, it should be impossible to repeat the attack, even on apps that haven’t specifically been updated to combat the flaw. While there was almost certainly an easier way to go about discovering and fixing this issue, it appears that the accidental cyberattack has had a positive outcome in the end.
With its faster animations and new file system, iOS 10.3 was already worth downloading ASAP, but this is yet another reason to upgrade. Just be sure to back up your files first.