iOS 16.2 and iPadOS 16.2 Fix Over 30 Security Vulnerabilities

[v0lume4]

AKA cutting off your nose to spite your face. 😆

I don’t know if you keep up with GPU news or not, but EVGA did it with Nvidia. EVGA’s business was primarily making Nvidia graphics cards. HUGE player in the space. American owned and known to have some of the best customer support in the industry.

They got sick of the way they were being treated by Nvidia and they announced, unexpectedly, that they were leaving the GPU market. Now they’re just focusing on the other parts of their business like power supplies and some other computer parts. They may go under in the long run as a result, or they may end up being just fine. But they had the balls to do something that they felt was right. The joys of a privately owned company.

 

[falkon-engine]

Missing the point - if vulnerabilities can exist in vetted apps, how much WORSE will it be with non-vetted apps?

You’re missing the point. Apple restricts competition (among prospective App Store operators or in-app purchase processors) by claiming that opening up the app distribution process will make iOS less secure, be bad for user privacy blah blah blah.

Yet iOS, even its current locked down state, is already vulnerable to zero days and exploits by NSO group and others. So competition is restricted, and yet vulnerabilities persist. So what is the point?

There are many legal and useful apps that apple prohibits from running on iPhone/iPad. For example, take Wi-Fi explorer. This is an incredibly useful app that can be used to sound your Wi-Fi radio environment and determine the optimal channel allocation for your Wi-Fi access points. This app exists on the Macintosh and is in the the App Store, it runs very well on M1 in a Macintosh, but it is prohibited by Apple from running on an M1 in an iPad. Same chip yet one platform is locked down and the other is not.

Wi-Fi explorer is a perfectly legal app with great utility for network engineers, but apple’s restrictions on the APIs that developers can access or apps they can distribute in iPhone/iPad has the effect of prohibiting otherwise legal trade. And yet despite apple’s restrictions, the kernel is still vulnerable to attack as evidenced by the plethora of zero day vulnerabilities that apple has patched this year alone in iOS 15 and iOS 16.

This is the point you’re missing. So I am glad the EU took bold action in the name of competition.

 

[whatgift]

You’re missing the point. Apple restricts competition (among prospective App Store operators or in-app purchase processors) by claiming that opening up the app distribution process will make iOS less secure, be bad for user privacy blah blah blah.

Yet iOS, even its current locked down state, is already vulnerable to zero days and exploits by NSO group and others. So competition is restricted, and yet vulnerabilities persist. So what is the point?

Not missing anything - while Apple undoubtedly benefits financially from the locked-down approach, the security and privacy benefits cannot be ignored, invalidated or dismissed, since they are one of the selling points of the iOS/iPadOS ecosystem.

To use an airline analogy - you don't get rid of airport security just because some prohibited items have gotten through at some stage. No security system is infallible, but that doesn't justify relaxing security measures.

That being said, I'm personally not against opening up the ecosystem, but thinking it's going to significantly dilute the key advantages of the ecosystem, but will be interesting finding out!

 

[Piplodocus]

I don’t know if you keep up with GPU news or not, but EVGA did it with Nvidia. EVGA’s business was primarily making Nvidia graphics cards. HUGE player in the space. American owned and known to have some of the best customer support in the industry.

They got sick of the way they were being treated by Nvidia and they announced, unexpectedly, that they were leaving the GPU market. Now they’re just focusing on the other parts of their business like power supplies and some other computer parts. They may go under in the long run as a result, or they may end up being just fine. But they had the balls to do something that they felt was right. The joys of a privately owned company.

But didn't nVidia had a habit of pushing the vendors to the limits of not being profitable with tiny margins. So if a big part of your business is barely profitable killing it off is not the worst decision ever. Whereas I don't know the exact figures but isn't the EU market about as big or bigger than the US one (especially including countries outside the EU who basically follow the same rules for trading/market purposes)? And making phones clearly is very profitable for Apple. So killing off a massive chunk of highly profitable market and dropping a huge amount of market share would be a massively stupid move and is a completely different scenario to killing off a big chunk of business that might be big, but isn't actually very good. If it was still highly profitable EVGA would begrudgingly still be guzzling away at nVidia's parts.

 

[_Spinn_]

Glad to see these were patched.

 

[bw44]

So is 15.7.2 only available for devices that don’t support iOS 16 at all? It wasn't showing up for me on my 13 mini on 15.7.1 and there aren't any IPSWs for newer devices for me to force it. There seem to be conflicting reports on whether or not this is the case. I just don't want to check again because if it's not there, I really don't want to have to restore my phone (again) to get rid of the 'update available' harassment notifications.

Did I miss the answer to your question? I have an SE2 running 15.7.1 and it shows 16.2 as the only available update. Unlike my iPad, where I updated to 15.7.2 and was expecting to see the same for iOS.

 

[Avenged110]

Did I miss the answer to your question? I have an SE2 running 15.7.1 and it shows 16.2 as the only available update. Unlike my iPad, where I updated to 15.7.2 and was expecting to see the same for iOS.

No, but I’ve still been trying to find out. It’s been alleged that 15.7.2 is available for all iOS 15-supporting devices, but only showing up for OTA installation seemingly by random lottery (favoring the iPad). I haven’t tested this theory, but I’ve also heard that one could use the developer beta profile for iOS 15 to install the 15.7.2 RC (since it’s the same build) as the only way of ‘forcing’ it.

 

[bw44]

No, but I’ve still been trying to find out. It’s been alleged that 15.7.2 is available for all iOS 15-supporting devices, but only showing up for OTA installation seemingly by random lottery (favoring the iPad). I haven’t tested this theory, but I’ve also heard that one could use the developer beta profile for iOS 15 to install the 15.7.2 RC (since it’s the same build) as the only way of ‘forcing’ it.

Thanks for that. I don’t want to try to learn how to do what you suggest. I’m not a developer, but would just like the security fixes, without the bells and whistles of 16.2. (Not a power user!)

[Edit: Gordon Kelly, writing for Forbes, says “Here’s the catch: Apple iOS 15.7.2 and iPadOS 15.7.2 are only for iOS 15-compatible devices that are not compatible with iOS 16. This means iPhone 7, iPad mini 4 and older devices only.” Don’t know how he knows, but it would answer the question.]

 

[LV426]

Thanks for that. I don’t want to try to learn how to do what you suggest. I’m not a developer, but would just like the security fixes, without the bells and whistles of 16.2. (Not a power user!)

[Edit: Gordon Kelly, writing for Forbes, says “Here’s the catch: Apple iOS 15.7.2 and iPadOS 15.7.2 are only for iOS 15-compatible devices that are not compatible with iOS 16. This means iPhone 7, iPad mini 4 and older devices only.” Don’t know how he knows, but it would answer the question.]

iOS versions by device

 

[Avenged110]

Thanks for that. I don’t want to try to learn how to do what you suggest. I’m not a developer, but would just like the security fixes, without the bells and whistles of 16.2. (Not a power user!)

[Edit: Gordon Kelly, writing for Forbes, says “Here’s the catch: Apple iOS 15.7.2 and iPadOS 15.7.2 are only for iOS 15-compatible devices that are not compatible with iOS 16. This means iPhone 7, iPad mini 4 and older devices only.” Don’t know how he knows, but it would answer the question.]

Understandable. That said, for anyone else that might be curious, using a beta profile does not seem to work as it fails "verification" every time after downloading, at least for me. (Side note: Still absolute ******** that iOS requires a network connection to install an update, so I have to beg Apple for permission.)

 

[Vlad Soare]

30 security vulnerabilities? Thirty?!?!?! I would understand one or two, which might have been inadvertently added in a recent update, but thirty?
So, is iOS 16.2 really secure? Or shall we expect thirty more holes to be discovered next month and patched in 16.3 (or worse still, discovered next year and fixed in 17.3)?

 

[TriBruin]

30 security vulnerabilities? Thirty?!?!?! I would understand one or two, which might have been inadvertently added in a recent update, but thirty?
So, is iOS 16.2 really secure? Or shall we expect thirty more holes to be discovered next month and patched in 16.3 (or worse still, discovered next year and fixed in 17.3)?

Yes. if you are waiting Apple (or any company) can completely eliminate all security holes, then you will be waiting for ever. Some may exist now, and undiscovered. Others may be introduced in a future update.

 

[I7guy]

Understandable. That said, for anyone else that might be curious, using a beta profile does not seem to work as it fails "verification" every time after downloading, at least for me. (Side note: Still absolute ******** that iOS requires a network connection to install an update, so I have to beg Apple for permission.)

You still have to beg apple to install an update given an internet connection is required.

30 security vulnerabilities? Thirty?!?!?! I would understand one or two, which might have been inadvertently added in a recent update, but thirty?
So, is iOS 16.2 really secure? Or shall we expect thirty more holes to be discovered next month and patched in 16.3 (or worse still, discovered next year and fixed in 17.3)?

Definitely possible. Those in the know, know it’s a cat and mouse game.

 

[Avenged110]

30 security vulnerabilities? Thirty?!?!?! I would understand one or two, which might have been inadvertently added in a recent update, but thirty?
So, is iOS 16.2 really secure? Or shall we expect thirty more holes to be discovered next month and patched in 16.3 (or worse still, discovered next year and fixed in 17.3)?

If they stopped constantly changing everything, I'm sure there would be far fewer vulnerabilities like this. There's no need for a 'major' system update every single year as it leads to things like this. Especially since their security updates to not-the-current-version tend to be somewhat haphazard.

You still have to beg apple to install an update given an internet connection is required.

Yes, that's what I was talking about. It's ridiculous and should be handled like OS X updates.

 

[Vlad Soare]

Yes. if you are waiting Apple (or any company) can completely eliminate all security holes, then you will be waiting for ever. Some may exist now, and undiscovered. Others may be introduced in a future update.

Definitely possible. Those in the know, know it’s a cat and mouse game.

Of course, I get that. I do not expect them to fix all the security holes. I'm sure that's not possible.
But thirty??? That looks like Swiss cheese to me, to be honest. I expect a few holes here and there at any given point in time, but not dozens of them at once.

 

[bw44]

Apple would never exaggerate the number of security holes to encourage us to migrate to the next release level. (Would they?)

 

[unrigestered]

clownish impersonation

 

[I7guy]

Of course, I get that. I do not expect them to fix all the security holes. I'm sure that's not possible.
But thirty??? That looks like Swiss cheese to me, to be honest. I expect a few holes here and there at any given point in time, but not dozens of them at once.

Welp. Better they fix them then not.

 

[JosephAW]

iOS 16.2 did fix a few bugs but I just discovered a new one.
I had to send somebody a photo and I didn't want to include my location so in the photos app I edited the photo and set the location to none and I checked it after editing and it shows no location.

I emailed the photo and blind carbon copy myself and I look at the photo in the email and my location is back in the photo. Fail! Ugh

 

[DuckMe]

Understandable. That said, for anyone else that might be curious, using a beta profile does not seem to work as it fails "verification" every time after downloading, at least for me. (Side note: Still absolute ******** that iOS requires a network connection to install an update, so I have to beg Apple for permission.)

Did I miss the answer to your question? I have an SE2 running 15.7.1 and it shows 16.2 as the only available update. Unlike my iPad, where I updated to 15.7.2 and was expecting to see the same for iOS.

a little gift for christmas

[GUIDE] How to update to iOS 15.7.2 for iPhone 8/X/XR/XS/11/SE2/12/13/SE3