iOS 10.2.1 - Fixes and Security Updates

Status
The first post in this thread is a WikiPost, and can be edited by anyone with the appropriate permissions.

SoN1NjA

macrumors 68020
Original poster
Feb 3, 2016
2,010
2,101
the pool
iOS 10.2.1
Release Date:
Monday, January 23, 2017
Build Version: 14D27
Darwin Kernel Version:

Please report bugs to Bug Reporter on the web (a developer account is not required to do this).

Bug Fixes
Auto Unlock
  • A logic issue was addressed through improved state management.
Contacts
  • An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.
Kernel
  • A buffer overflow issue was addressed through improved memory handling.
  • A use after free issue was addressed through improved memory management.
libarchive
  • A buffer overflow issue was addressed through improved memory handling.
WebKit
  • A prototype access issue was addressed through improved exception handling.
  • Multiple memory corruption issues were addressed through improved memory handling.
  • A memory initialization issue was addressed through improved memory handling.
  • Multiple memory corruption issues were addressed through improved input validation.
  • A validation issue existed in the handling of page loading. This issue was addressed through improved logic.
  • An issue existed in the handling of blocking popups. This was addressed through improved input validation.
  • A validation issue existed in the handling of variable handling. This issue was addressed through improved validation.
WiFi
  • An issue existed with handling user input that caused a device to present the home screen even when activation locked. This was addressed through improved input validation.
Release Notes
(not yet attached)
 
Last edited:

SoN1NjA

macrumors 68020
Original poster
Feb 3, 2016
2,010
2,101
the pool
Beta 2 had the best battery life for me. This build is "okay". Beta 3 was pretty bad.
I can't tell between any of them
battery life is so inconsistent I have no idea

Although some days I get through school dead, and others I have 40%, and sometimes 60%
 

Mlrollin91

macrumors G5
Nov 20, 2008
13,535
9,080
Ventura County
I can't tell between any of them
battery life is so inconsistent I have no idea

Although some days I get through school dead, and others I have 40%, and sometimes 60%
My usage is pretty much identical day after day. So I just keep little notes of what I end the day with and my usage/standby time when testing new builds so I can compare.
 

Yun0

macrumors 68000
Jun 12, 2013
1,516
804
Winnipeg, Canada
Curious to see how this release handles, especially regarding battery life.
oh like every. single. release. since forever..?

every single beta/final: "great great battery", "horrible battery last beta better".


considering ive changed nothing on my device, my battery has been stable & normal since...a long time. how people claim the ios version at the time is at fault (especially those claiming every other beta is great/bad), beats me...

what happens when ur popular i guess..
 
  • Like
Reactions: Armen and Agit21

RobT

macrumors 6502a
Dec 20, 2007
636
38
Ohio, USA
Just tested the new Apple TV app on 10.2.1 on the iPad for playing synced movies and it now appears to be working! It used to be if you synced a local copy of a movie/video to the iPad and tried to play it in the TV app it didn't play like it used to in the Videos app. Seems to be OK now.
 
Last edited:
  • Like
Reactions: tk421

LordQ

Suspended
Sep 22, 2012
3,582
5,650
Is it the placebo or is everything quite smooth and fast? Specially opening apps and the Switcher :eek:
 
  • Like
Reactions: PR1985

Xenomorph

macrumors 65816
Aug 6, 2008
1,311
556
St. Louis
So my iPad Air 2 got stuck in the wrong orientation and my iPhone 6S resprings when I touch the search bar after pulling down notifications and sliding over to widgets. Obviously these issues were not fixed in 10.2.1.
 

victorak

macrumors newbie
Jan 23, 2017
2
2
FYI:

APPLE-SA-2017-01-23-1 iOS 10.2.1

iOS 10.2.1 is now available and addresses the following:

Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards. This issue was addressed through improved input
validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero

libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling. This
issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero

WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked. This
was addressed through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph

Additional recognition

WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2.1".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
 

GrievingFob606

Suspended
Nov 15, 2016
229
74
FYI:

APPLE-SA-2017-01-23-1 iOS 10.2.1

iOS 10.2.1 is now available and addresses the following:

Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards. This issue was addressed through improved input
validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero

libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling. This
issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero

WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked. This
was addressed through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph

Additional recognition

WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2.1".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
Okay? We all read the same thing on the Apple website.
 

I7guy

macrumors Core
Nov 30, 2013
22,930
11,037
Gotta be in it to win it
So my iPad Air 2 got stuck in the wrong orientation and my iPhone 6S resprings when I touch the search bar after pulling down notifications and sliding over to widgets. Obviously these issues were not fixed in 10.2.1.
Interesting, I tried to replicate on my 6s and don't experience any resprings...fwiw.
 

Shirasaki

macrumors G4
May 16, 2015
10,002
3,880
Then the last beta must be the same build as this "official" build. Too bad that I have no idea how to improve my battery life.
 

VSG

macrumors regular
Aug 9, 2014
217
215
The News-widget for the control center is gone now in Germany. Pity.

Edit: The widget seems to be missing on some iPhones. iPads are not affected. Strange.
 
Last edited:
  • Like
Reactions: one more

gk712

macrumors newbie
Sep 11, 2013
28
3
The News-widget for the control center is gone now in Germany. Pity.

Edit: The widget seems to be missing on some iPhones. iPads are not affected. Strange.

same here... NEWS-widget gone on my iPhone 7+ and iOS 10.2.1 14D27 , why? was it the same with beta3 / 4?

EDIT:
changed REGION settings to US and back to GERMANY and the NEWS-widget reappeared!
 
Last edited:
  • Like
Reactions: VSG
Status
The first post in this thread is a WikiPost, and can be edited by anyone with the appropriate permissions.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.