Author: kyle5241 (kyle)
Board: iPhone
Title: Re: [Info] IOS 10.2.1 official release is out
Time: Tue Jan 24 05:30:37 2017
https://support.apple.com/en-us/HT207482
This document describes the security content of iOS 10.2.1.
iOS 10.2.1
Released January 23, 2017
Auto Unlock issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Auto Unlock still unlocks even when the Apple Watch has left your hand
Impact: Auto Unlock may unlock when Apple Watch is off the user's wrist
Description: A logic issue was addressed through improved state management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): A malicious contact card may cause the app to terminate
Impact: Processing a maliciously crafted contact card may lead to unexpected
application termination
Description: An input validation issue existed in the parsing of contact
cards. This issue was addressed through improved input validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): An app uses the kernel's special privileges to execute arbitrary code
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): An app uses the kernel's special privileges to execute arbitrary code
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed through improved memory
management.
CVE-2017-2360: Ian Beer of Google Project Zero
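libarchive (library archiving) issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Opening a maliciously generated packet may lead to arbitrary code execution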
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Processing malicious website content may cause data from another origin to leak out
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Processing malicious website content may lead to execution of any code
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Processing malicious website content may lead to execution of any code
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: A memory initialization issue was addressed through improved
memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Processing malicious website content may lead to execution of any code
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2369: Ivan Fratric of Google Project Zero
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Processing malicious website content may cause data from another origin to leak out
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of page loading. This
issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): A malicious website can open pop-up windows
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups. This was
addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): Processing malicious website content may cause data from another origin to leak out
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of variable handling.
This issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi issue
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
Impact (poster's translation): A device with Activation Lock can, when manipulated, briefly show the home screen
Impact: An activation-locked device can be manipulated to briefly present the
home screen
Description: An issue existed with handling user input that caused a device
to present the home screen even when activation locked. This was addressed
through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth Joseph
--
※ Posted from: PTT (ptt.cc), from: 131.215.107.226
※ Article URL: https://www.ptt.cc/bbs/iPhone/M.1485207039.A.B60.html
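→ jatj: TL;DR 01/24 06:22
Boo othersHTC92: Stop embarrassing yourself here, okay? Do you even understand English? 01/24 08:02
Boo z8632100: My English is poor 01/24 08:25
Boo rock1331: Can we ban him? 01/24 08:27
Boo dannyace: Why post this? 01/24 08:27
→ kyle5241: It's what's in the iOS 10.2.1 update...... 01/24 08:31
※ Edited: kyle5241 (206.117.40.12), 01/24/2017 08:32:25
Boo st8740212: Pasted with no translation and no explanation. Spamming posts, huh? 01/24 08:34
→ kyle5241: What is going on with this board...... 01/24 08:34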
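Boo haleytll: Anyone can copy and paste; the post contains no personal opinion, view, explanation or 01/24 08:41
→ haleytll: insight at all 01/24 08:41
→ zonhan: Board rule 6 01/24 08:47
Boo celtics1997: . 01/24 08:50
Boo oopsskimo: Board rule 6c 01/24 08:51
→ kuso10582: You've used PTT this long; don't you know copy-and-paste isn't allowed? 01/24 08:52
Boo abram: Noob 01/24 08:54
Boo bbace: Boo. You're the one with the problem; posting without reading the board rules 01/24 08:58
Push macho1223: Quick, push, or they'll think we don't understand English 01/24 08:58
Boo othersHTC92: Oh wow, good for you, you understand English, so impressive 01/24 08:59
Push hhh1234321: I can actually understand it......(pfft~~~) 01/24 09:00
Boo bqmm: Ctrl C + V, and you have the nerve to call this a post? 01/24 09:02
→ horseorange: So has the alarm clock been fixed yet? (x 01/24 09:03
Boo a258558: Uh... 01/24 09:18
Push pm2001: Copy-paste gets booed, whereas just posting a screenshot is no problem, haha 01/24 09:39
Boo Grady1979: I'm the one who wants to ask what's going on with you.... 01/24 09:53
→ ichen30259: So has Do Not Disturb mode been fixed yet? 01/24 09:56
Boo HOME8869: This is what you call a damn surprise 01/24 09:57
Boo kobe7610: 87 01/24 09:58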
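Boo s973311: Picking on me for not having studied, huh~ So weird 01/24 10:20
Push zx2998: Push push 01/24 10:29
Push chrislt2322: Fine, helping the copy-paster restore some HP 01/24 10:37
Push ImCPM: So pitiful, crying for you QQ. Apple fans, not surprised 01/24 10:39
Boo vector: If you post it like this, wouldn't it be faster for me to go straight to Apple? 01/24 10:47
Boo yangchenyue: I'm speechless XD 01/24 10:48
Boo mango314: Six of one, half a dozen of the other compared with the previous post; this board has no moderator anyway, so does it matter what gets posted? 01/24 10:54
Push Paulbio: I think it's nice to have something to read without having to go looking for it 01/24 10:59
Push tomodachiwen: Why boo? 01/24 11:43
Boo x850519: The first post is info, the second is spam 01/24 11:47
Push frank0908: The quality of this board really is getting worse and worse 01/24 12:10
→ frank0908: This post looks like spam, but it's actually no less important than the update news 01/24 12:12
Push frank0908: Personally I think security updates are very important; we need good people like the OP 01/24 12:14
→ frank0908: to share them with everyone 01/24 12:14
Push pm2001: This post at least includes the link; it has far more information than the previous one 01/24 12:15
Push frank0908: And the security updates are the core of 10.2.1 this time anyway 01/24 12:16
※ Edited: kyle5241 (131.215.107.226), 01/24/2017 12:35:03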
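→ alwyss: Being the moderator of this board sure is an easy job 01/24 12:27
Boo wryyyyyyyy: . 01/24 12:30
Push a0913865175: Push, restoring HP 01/24 12:40
Push ernie0112: If your own ability is lacking, can't you go improve it? Reading material someone else has prepared 01/24 12:55
→ ernie0112: just means you're too lazy to look it up and read it yourself. This is much better than someone posting a single image 01/24 12:55
Push popo6307: Push push 01/24 13:01
Push Achernar: Thanks for the effort, OP; this post is more useful than the previous one 01/24 13:13
Push abian: What's going on with the earlier comments.. 01/24 13:31
Push j94223: Push. Very useful info post 01/24 13:36
Push tallolz: Originally it was a pure copy-paste of the original text 01/24 13:41
Push LBJ2ndKing: Were the earlier ones trying to steer opinion? 01/24 14:13
→ kyle5241: I got booed for no reason, when this is clearly the more important information.... 01/24 14:40
Push alanalan2007: Pushing it back up; the previous post was clearly the useless one, this one has a lot of information. 01/24 15:04
Push ken84929: Push to help 01/24 15:27
Push miniwhy: Push to help. It has a translation now 01/24 15:50
Push johnny1229: What are the ones above booing about? 01/24 16:11
Push allan0926: Thanks for sharing 01/24 16:14
Push AHAJAY: Anything beats a pile of junk posts 01/24 16:42
Push NinOAQ: Push for adding the translation 01/24 16:50
→ shenyang: Push 01/24 16:58
Push WuMOS: Push for the translation 01/24 17:36
Push fyso: Push 01/24 17:47
Push altria27: The previous post didn't mention anything; this one has all the content. What's there to boo.. 01/24 17:52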
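Push gary21617mvp: Push 01/24 17:56
Push nicegigi: Push for the kind translation 01/24 18:07
Push nicegigi: The people who booed probably did so because there was no translation at first and they couldn't understand it 01/24 18:09
Push ninewords: Reading the comments that booed really cracked me up; so that's how a brain can be used 01/24 18:25
Push ppstyle7: At first the OP only pasted all the English; the translation was added later 01/24 18:42
Push shihhhpin: Push push 01/24 19:50
Push pm2001: Even if it was only English at first, at least it included the official link 01/24 20:02
→ pm2001: I think that's better than a screenshot no matter what 01/24 20:02
Boo cleanesty: Language mismatch 01/24 20:33
Push HCHsiang: Push 01/24 20:56
Push tomodachiwen: Pushing once more; the earlier boos are really amusing 01/24 21:06
Push baibaizo: Nice 01/24 21:25
Push crayon123: Restoring HP. No idea what the ones above are booing 01/24 21:35
Push jerry255701: Helping restore HP 01/24 21:42
Push BlueIceBeer: Helping restore HP. OP, don't take it to heart; there's just a bunch of ignorant people showing how low they can go 01/24 21:47
Push snowgod: Restore 01/24 22:19
Push a87992772: ? Boo for what 01/24 22:22
Push SimACC: Restore 01/24 22:55
Push DarrenKuo: Restoring HP 01/24 22:58
Push alins1999: Thanks for your hard work, OP. 01/24 23:13
Push kevinee: Push. Something is off with the earlier boos 01/25 00:15
Push Vek1112: Nice 01/25 02:19
Push st880517: One more to help restore 01/25 02:36
Push bestneil: Restoring HP 01/25 03:09
Push ss15669659: Push 01/25 03:32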
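Push McDownlaw: Push 01/25 03:48
Push Rammus1111: Are the earlier ones okay...? This is clearly useful 01/25 04:31
Push AirRider: A bunch of thin-skinned people who can't read it booing at random; why not boo the previous post? One push to help 01/25 05:25
Push DKPCOFGS: Strange. Doesn't compulsory education teach English? 01/25 08:16
Push mars1396: Restoring HP 01/25 08:35
Push young199517: Everyone earlier is thin-skinned, huh. Helping restore 01/25 09:50
Push baronmax: Restoring HP 01/25 10:11
Push CraziPhone: ﴿ 01/25 11:34
Push mienchin: Push push 01/25 12:24
Push kevin11tw: Restoring HP, push 01/25 12:28
Push clop: What's the matter with the earlier boos 01/25 12:56
Push cheche0512: The first post is the one that's outrageous 01/25 12:59
Push keeper036: Since ancient times, language has been a key cause of war XD 01/25 13:55
Push eric45670: Laughing at those with poor English firing off at random 01/25 14:43
Push w5151381guy: Are those earlier people booing at random to show how low they can go? Can't read it themselves so they boo others, haha 01/25 15:39
Push jimmythepeng: Catch-up push 01/26 18:08
Push kentplay: I find it very helpful 01/27 22:54
Push XDDDD5566: OuO so fierce 01/28 03:29
Push aifam: To the people who booed: are you okay? 01/28 07:57
Push Feases: Pretty good 01/28 22:59
Push yoo31805: This post is much more substantial; thanks to the OP for sharing 01/29 18:45
Push summeruse: Because the earlier ones can't read English, haha 01/31 00:25
Push andy79323: A bunch who can't read English booing in grief and anger 01/31 13:05
Push LewisRong: Quite a good post 02/01 02:00
Push conanhide: Can't even read English; must be 9.2 02/01 12:44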