iOS 10.2.1 - Fixes and Security Updates

Discussion in 'iOS 10' started by SoN1NjA, Jan 23, 2017.

Thread Status:
The first post in this thread is a WikiPost, and can be edited by anyone with the appropriate permissions.
  1. SoN1NjA, Jan 23, 2017
    Last edited by SoN1NjA: Jan 24, 2017

    SoN1NjA macrumors 65816

    SoN1NjA

    Joined:
    Feb 3, 2016
    Location:
    designing another cheap logo
    #1
    iOS 10.2.1
    Release Date:
    Monday, January 23, 2017
    Build Version: 14D27
    Darwin Kernel Version:

    Please report bugs to Bug Reporter on the web (a developer account is not required to do this).

    Bug Fixes
    Auto Unlock
    • A logic issue was addressed through improved state management.
    Contacts
    • An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.
    Kernel
    • A buffer overflow issue was addressed through improved memory handling.
    • A use after free issue was addressed through improved memory management.
    libarchive
    • A buffer overflow issue was addressed through improved memory handling.
    WebKit
    • A prototype access issue was addressed through improved exception handling.
    • Multiple memory corruption issues were addressed through improved memory handling.
    • A memory initialization issue was addressed through improved memory handling.
    • Multiple memory corruption issues were addressed through improved input validation.
    • A validation issue existed in the handling of page loading. This issue was addressed through improved logic.
    • An issue existed in the handling of blocking popups. This was addressed through improved input validation.
    • A validation issue existed in the handling of variable handling. This issue was addressed through improved validation.
    WiFi
    • An issue existed with handling user input that caused a device to present the home screen even when activation locked. This was addressed through improved input validation.
    Release Notes
    (not yet attached)
     
  2. JetBlack7 macrumors 68020

    JetBlack7

    Joined:
    May 14, 2011
    Location:
    Portugal
    #2
    Curious to see how this release handles, especially regarding battery life.
     
  3. d5aqoëp macrumors 6502a

    d5aqoëp

    Joined:
    Feb 9, 2016
    #3
    Its the same as beta 4 of 10.2.1. No update found on my iPhone 7 Plus.
     
  4. Mlrollin91 macrumors G4

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura County
    #4
    Beta 2 had the best battery life for me. This build is "okay". Beta 3 was pretty bad.
     
  5. Donga120 macrumors 6502

    Donga120

    Joined:
    Sep 19, 2014
    Location:
    Derby
    #5

    Bollocks
     
  6. SoN1NjA thread starter macrumors 65816

    SoN1NjA

    Joined:
    Feb 3, 2016
    Location:
    designing another cheap logo
    #6
    I can't tell between any of them
    battery life is so inconsistent I have no idea

    Although some days I get through school dead, and others I have 40%, and sometimes 60%
     
  7. Mlrollin91 macrumors G4

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura County
    #7
    My usage is pretty much identical day after day. So I just keep little notes of what I end the day with and my usage/standby time when testing new builds so I can compare.
     
  8. Yun0 macrumors 65816

    Yun0

    Joined:
    Jun 12, 2013
    Location:
    Winnipeg, Canada
    #8
    oh like every. single. release. since forever..?

    every single beta/final: "great great battery", "horrible battery last beta better".


    considering ive changed nothing on my device, my battery has been stable & normal since...a long time. how people claim the ios version at the time is at fault (especially those claiming every other beta is great/bad), beats me...

    what happens when ur popular i guess..
     
  9. SSAJ macrumors 6502

    Joined:
    Aug 30, 2016
  10. RobT, Jan 23, 2017
    Last edited: Jan 23, 2017

    RobT macrumors 6502a

    RobT

    Joined:
    Dec 20, 2007
    Location:
    Ohio, USA
    #10
    Just tested the new Apple TV app on 10.2.1 on the iPad for playing synced movies and it now appears to be working! It used to be if you synced a local copy of a movie/video to the iPad and tried to play it in the TV app it didn't play like it used to in the Videos app. Seems to be OK now.
     
  11. LordQ macrumors 68040

    LordQ

    Joined:
    Sep 22, 2012
    #11
    Is it the placebo or is everything quite smooth and fast? Specially opening apps and the Switcher :eek:
     
  12. GeorgeVes macrumors member

    GeorgeVes

    Joined:
    Sep 11, 2016
    Location:
    United Kingdom
    #12
    I can't believe the animation for exiting apps is still stuttering :X Has been this way since iOS 10.0 !
     
  13. miragebg macrumors 6502a

    Joined:
    Mar 23, 2009
    #13
    Is the battery problems of 6S already fixed with this release??
     
  14. Xenomorph macrumors 65816

    Xenomorph

    Joined:
    Aug 6, 2008
    Location:
    St. Louis
    #14
    So my iPad Air 2 got stuck in the wrong orientation and my iPhone 6S resprings when I touch the search bar after pulling down notifications and sliding over to widgets. Obviously these issues were not fixed in 10.2.1.
     
  15. victorak macrumors newbie

    victorak

    Joined:
    Jan 23, 2017
    #15
    FYI:

    APPLE-SA-2017-01-23-1 iOS 10.2.1

    iOS 10.2.1 is now available and addresses the following:

    Auto Unlock
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Auto Unlock may unlock when Apple Watch is off the user's
    wrist
    Description: A logic issue was addressed through improved state
    management.
    CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

    Contacts
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing a maliciously crafted contact card may lead to
    unexpected application termination
    Description: An input validation issue existed in the parsing of
    contact cards. This issue was addressed through improved input
    validation.
    CVE-2017-2368: Vincent Desmurs (vincedes3)

    Kernel
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: An application may be able to execute arbitrary code with
    kernel privileges
    Description: A buffer overflow issue was addressed through improved
    memory handling.
    CVE-2017-2370: Ian Beer of Google Project Zero

    Kernel
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: An application may be able to execute arbitrary code with
    kernel privileges
    Description: A use after free issue was addressed through improved
    memory management.
    CVE-2017-2360: Ian Beer of Google Project Zero

    libarchive
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Unpacking a maliciously crafted archive may lead to arbitrary
    code execution
    Description: A buffer overflow issue was addressed through improved
    memory handling.
    CVE-2016-8687: Agostino Sarubbo of Gentoo

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing maliciously crafted web content may exfiltrate
    data cross-origin
    Description: A prototype access issue was addressed through improved
    exception handling.
    CVE-2017-2350: Gareth Heyes of Portswigger Web Security

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: Multiple memory corruption issues were addressed through
    improved memory handling.
    CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
    with Trend Micro's Zero Day Initiative
    CVE-2017-2362: Ivan Fratric of Google Project Zero
    CVE-2017-2373: Ivan Fratric of Google Project Zero

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory initialization issue was addressed through
    improved memory handling.
    CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: Multiple memory corruption issues were addressed through
    improved input validation.
    CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
    CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
    CVE-2017-2369: Ivan Fratric of Google Project Zero

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing maliciously crafted web content may exfiltrate
    data cross-origin
    Description: Multiple validation issues existed in the handling of
    page loading. This issue was addressed through improved logic.
    CVE-2017-2363: lokihardt of Google Project Zero
    CVE-2017-2364: lokihardt of Google Project Zero

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: A malicious website can open popups
    Description: An issue existed in the handling of blocking popups.
    This was addressed through improved input validation.
    CVE-2017-2371: lokihardt of Google Project Zero

    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: Processing maliciously crafted web content may exfiltrate
    data cross-origin
    Description: A validation issue existed in variable handling. This
    issue was addressed through improved validation.
    CVE-2017-2365: lokihardt of Google Project Zero

    WiFi
    Available for: iPhone 5 and later, iPad 4th generation and later,
    iPod touch 6th generation and later
    Impact: An activation-locked device can be manipulated to briefly
    present the home screen
    Description: An issue existed with handling user input that caused a
    device to present the home screen even when activation locked. This
    was addressed through improved input validation.
    CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
    Joseph

    Additional recognition

    WebKit hardening
    We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
    Herbert Bos, and Cristiano Giuffrida of the vusec group at
    Vrije Universiteit Amsterdam for their assistance.

    Installation note:

    This update is available through iTunes and Software Update on your
    iOS device, and will not appear in your computer's Software Update
    application, or in the Apple Downloads site. Make sure you have an
    Internet connection and have installed the latest version of iTunes
    from www.apple.com/itunes/

    iTunes and Software Update on the device will automatically check
    Apple's update server on its weekly schedule. When an update is
    detected, it is downloaded and the option to be installed is
    presented to the user when the iOS device is docked. We recommend
    applying the update immediately if possible. Selecting Don't Install
    will present the option the next time you connect your iOS device.

    The automatic update process may take up to a week depending on the
    day that iTunes or the device checks for updates. You may manually
    obtain the update via the Check for Updates button within iTunes, or
    the Software Update on your device.

    To check that the iPhone, iPod touch, or iPad has been updated:

    * Navigate to Settings
    * Select General
    * Select About. The version after applying this update
    will be "10.2.1".

    Information will also be posted to the Apple Security Updates
    web site: https://support.apple.com/kb/HT201222
     
  16. GrievingFob606 Suspended

    Joined:
    Nov 15, 2016
    #16
    Okay? We all read the same thing on the Apple website.
     
  17. victorak macrumors newbie

    victorak

    Joined:
    Jan 23, 2017
    #17
    WE do indeed...
     
  18. GrievingFob606 Suspended

    Joined:
    Nov 15, 2016
    #18
    Yes, we the people. You think we didn't read that? Lmao.
     
  19. Danilo - Italy macrumors regular

    Joined:
    Oct 22, 2014
    #19
    This is a real shame.
     
  20. deano1972 macrumors 6502a

    deano1972

    Joined:
    Sep 16, 2016
    Location:
    United Kingdom
    #20
    Agree about beta 2
     
  21. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #21
    Interesting, I tried to replicate on my 6s and don't experience any resprings...fwiw.
     
  22. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #22
    Then the last beta must be the same build as this "official" build. Too bad that I have no idea how to improve my battery life.
     
  23. VSG, Jan 23, 2017
    Last edited: Jan 23, 2017

    VSG macrumors regular

    Joined:
    Aug 9, 2014
    #23
    The News-widget for the control center is gone now in Germany. Pity.

    Edit: The widget seems to be missing on some iPhones. iPads are not affected. Strange.
     
  24. gk712, Jan 24, 2017
    Last edited: Jan 24, 2017

    gk712 macrumors newbie

    Joined:
    Sep 11, 2013
    #24

    same here... NEWS-widget gone on my iPhone 7+ and iOS 10.2.1 14D27 , why? was it the same with beta3 / 4?

    EDIT:
    changed REGION settings to US and back to GERMANY and the NEWS-widget reappeared!
     
  25. VSG macrumors regular

    Joined:
    Aug 9, 2014
    #25
    Thanks, that worked!
     
Thread Status:
The first post in this thread is a WikiPost, and can be edited by anyone with the appropriate permissions.

Share This Page