iOS 11 Addresses Important Security Updates

iOS 11 launches today at noon CST with some amazing new features that have been well documented elsewhere. In addition to the new features, iOS 11 contains important security updates.

Reposted from APPLE-SA-2017-09-19-1 iOS 11

iOS 11 is now available and addresses the following:

Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This
issue was addressed through requiring TLS.
CVE-2017-7088: Ilya Nesterov, Maxim Goncharov

iBooks
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to a
persistent denial-of-service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7072: Jędrzej Krysztofiak

Mail MessageUI
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A memory corruption issue was addressed with improved
validation.
CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital

Messages
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A denial of service issue was addressed through improved
validation.
CVE-2017-7118: Kiki Jiang and Jason Tokoph

MobileBackup
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Backup may perform an unencrypted backup despite a
requirement to perform only encrypted backups
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2017-7133: Don Sparks of HackediOS.com

Safari
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7085: xisigr of Tencent’s Xuanwu Lab (tencent.com)

WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of the parent-tab.
This issue was addressed with improved state management.
CVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans Rosén of Detectify

WebKit
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)