Apple has released iOS 10.2, fixing 12 security vulnerabilities in the mobile operating system, including two bugs that could lead to arbitrary code execution.
The more serious of the code-execution flaws is related to the way that iOS handles certificates. The bug could allow an attacker to use a malicious certificate to gain code execution on a target iOS device.
“Opening a maliciously crafted certificate may lead to arbitrary code execution. A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation,” Apple said in its advisory for the security content of iOS 10.2.
The other vulnerability that could lead to code execution lies in the way iOS validates some USB devices.
“A malicious HID device may be able to cause arbitrary code execution. A validation issue existed in the handling of USB image devices. This issue was addressed through improved input validation,” Apple said.
In beta versions of 10.2, Apple made a change to the way that it handled the local backups on iOS devices. After the release of iOS 10 in September, researchers discovered that the company had modified its encryption scheme for local backups, inadvertently making the backup password much easier to crack. Apple rectified that in the newest release.
Among the other issues fixed in iOS 10.2 is an interesting vulnerability that a local attacker could use to bypass the lock screen passcode on a device. This bug was the result of a problem with the counter in the OS, which, in some cases, would allow more passcode attempts than it should when the passcode was being reset. That bug is in the SpringBoard component of iOS, which handles the home screen. There’s a second vulnerability in SpringBoard fixed in this release, a bug that could allow someone with physical access to keep a device unlocked.
Apple also fixed a well-known problem that allowed anyone with access to a device to view its contacts and photos from the lock screen.