https://support.apple.com/en-us/HT207482
This document describes the security content of iOS 10.2.1.
iOS 10.2.1
Released January 23, 2017
Auto Unlock 自動解鎖問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:當Apple watch離開你的手時仍然會自動解鎖
Impact: Auto Unlock may unlock when Apple Watch is off the user's wrist
Description: A logic issue was addressed through improved state management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts 聯絡人問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:惡意的聯絡人資料卡可能造成程式中止
Impact: Processing a maliciously crafted contact card may lead to unexpected
application termination
Description: An input validation issue existed in the parsing of contact
cards. This issue was addressed through improved input validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel 內核
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:程式利用內核的特殊權限任意執行程式碼
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel 內核
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:程式利用內核的特殊權限任意執行程式碼
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed through improved memory
management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive 資料庫封存問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:打開惡意產生的封包可能導致程式碼任意執行
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:處理惡意網站內容可能導致別的來源的資料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:處理惡意網站內容可能導致執行任何程式碼
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:處理惡意網站內容可能導致執行任何程式碼
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: A memory initialization issue was addressed through improved
memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:處理惡意網站內容可能導致執行任何程式碼
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2369: Ivan Fratric of Google Project Zero
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:處理惡意網站內容可能導致別的來源的資料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of page loading. This
issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:惡意網站可以打開彈出式視窗
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups. This was
addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:處理惡意網站內容可能導致別的來源的資料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of variable handling.
This issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi 問題
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影響:有啟動鎖定的裝置可以在操作下短暫的顯示首頁
Impact: An activation-locked device can be manipulated to briefly present the
home screen
Description: An issue existed with handling user input that caused a device
to present the home screen even when activation locked. This was addressed
through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth Joseph
作者:
jatj 2017-01-24 06:22:00TL;DR
作者: st8740212 2017-01-24 08:34:00
貼上來沒翻譯沒解釋 洗文喔
複製貼上誰都會,內文完全沒有個人意見、看法或說明見解
作者:
zonhan (我願與妳共舞)
2017-01-24 08:47:00板規6
作者:
abram (科科)
2017-01-24 08:54:00嫩
作者: bbace 2017-01-24 08:58:00
噓你才怎麼了 發文不看版規
作者:
macho1223 (Macho1223)
2017-01-24 08:58:00快推不然以為我們不懂英文
作者:
bqmm (嵐)
2017-01-24 09:02:00Ctrl C + V 這樣也好意思一篇?
作者:
a258558 (MattJ)
2017-01-24 09:18:00呃...
作者:
pm2001 (做個盾牌眼球兵吧)
2017-01-24 09:39:00複製貼上的被噓 反觀只貼張截圖就沒問題 廠廠
作者:
s973311 (樹難爬)
2017-01-24 10:20:00欺負我沒讀書喔~ 奇怪捏
作者:
zx2998 2017-01-24 10:29:00推推
作者:
ImCPM (Heilo)
2017-01-24 10:39:00好可憐 幫你QQ 果粉不意外
作者:
vector (向量)
2017-01-24 10:47:00你貼這樣我直接去蘋果不是更快
跟上一篇一樣半斤八兩,反正這邊根本沒版主,貼什麼有差嗎
作者:
Paulbio (小便當)
2017-01-24 10:59:00我覺得有東西看不用去找,不錯啊
作者:
x850519 (小魯弟)
2017-01-24 11:47:00第一篇是情報,第二篇是洗文
作者: frank0908 2017-01-24 12:10:00
這個版素質真的越來越差了
作者:
pm2001 (做個盾牌眼球兵吧)
2017-01-24 12:15:00這篇至少把連結貼出來 情報量比上一篇多太多了
作者: frank0908 2017-01-24 12:16:00
而且這次的安全性更新本來就是10.2.1的核心
作者:
alwyss (MAI)
2017-01-24 12:27:00這個板的板主真的好好當喔
作者: wryyyyyyyy (蜥蜴長老) 2017-01-24 12:30:00
.
自己能力不好,不能去加強嗎,拿別人用好的資料來看,不就代表自己懶得找懶得看,比別人貼一張好多了吧
作者:
popo6307 (BananaLala)
2017-01-24 13:01:00推推
作者:
Achernar (My way)
2017-01-24 13:13:00原PO辛苦啦,這篇比前一篇來的實用
作者: abian (abian) 2017-01-24 13:31:00
前面的推文是什麼情形..
作者: j94223 (笨肌) 2017-01-24 13:36:00
推 很有用的情報文
作者:
tallolz (透)
2017-01-24 13:41:00本來是原文純複製貼上
作者: ken84929 (破軍★翼) 2017-01-24 15:27:00
幫推
作者:
miniwhy (口卡口卡 )
2017-01-24 15:50:00幫推 有翻譯了
作者:
AHAJAY (阿哈J)
2017-01-24 16:42:00隨便都比一堆廢文好
作者:
NinOAQ (妮OuO/)
2017-01-24 16:50:00推補翻譯
作者: shenyang (身癢抓抓) 2017-01-24 16:58:00
推
作者:
WuMOS (Ian)
2017-01-24 17:36:00推翻譯
作者: fyso (sophie1iao) 2017-01-24 17:47:00
推
作者:
altria27 (altria27)
2017-01-24 17:52:00前面那篇什麼都沒提到 這篇內容都有 有啥好虛..
作者: gary21617mvp (ToroChip) 2017-01-24 17:56:00
推
推好心翻譯噓的人是因爲一開始沒翻譯,看不懂才噓的吧
作者:
ninewords (全世界的人都很悲傷)
2017-01-24 18:25:00看了噓的幾樓,真是笑死我了,原來腦袋可以這樣用
作者:
pm2001 (做個盾牌眼球兵吧)
2017-01-24 20:02:00一開始就算只有英文 至少有付官方連結我想不管怎樣都比截圖好
作者: cleanesty 2017-01-24 20:33:00
語言不合
作者:
HCHsiang (金城武是我)
2017-01-24 20:56:00推
作者: baibaizo 2017-01-24 21:25:00
讚
作者:
snowgod (北極熊的鄰居)
2017-01-24 22:19:00補
作者:
SimACC (didbib)
2017-01-24 22:55:00補
作者:
kevinee ( )
2017-01-25 00:15:00推 前面的噓文很有事
作者:
Vek1112 (喔登登)
2017-01-25 02:19:00讚
作者: bestneil (青柚) 2017-01-25 03:09:00
補血
作者: McDownlaw (我就是愛大麥克) 2017-01-25 03:48:00
推
作者: DKPCOFGS (Eight) 2017-01-25 08:16:00
怪了 國民教育沒教英文嗎?
作者:
mars1396 (mars1396)
2017-01-25 08:35:00補血
作者:
baronmax (songyy)
2017-01-25 10:11:00補血
作者:
mienchin (帕爾摩斯兔子)
2017-01-25 12:24:00推推
作者:
clop (月餅狗)
2017-01-25 12:56:00前面的噓文有什麼事
作者: jimmythepeng (NTUpenguin) 2017-01-26 18:08:00
補推
作者:
XDDDD5566 (我絕對沒偷吃實驗室點心)
2017-01-28 03:29:00OuO 好兇
作者:
aifam (忙~所有問題我會擇空回答)
2017-01-28 07:57:00噓文的人,你們還好嗎?
作者:
Feases (<( ̄︶ ̄)>)
2017-01-28 22:59:00滿好的
作者: yoo31805 (Q毛) 2017-01-29 18:45:00
這篇充實多了,感謝原po分享