iOS 10.3.2 Update Stops eBooks in iBooks from Hacking Your iPad

When I raised the alarm four years back that your mobile device could be hacked by an Epub3 ebook and turned into a botnet slave, many people called me alarmist and hysterical.

The latest update for iOS would suggest that I wasn't crazy so much as ahead of my time.

From The Register:

Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants.

The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine.

For iPhone and iPad, Apple has kicked out iOS 10.3.2. The update addresses a total of 41 CVE-listed vulnerabilities in the mobile OS, with 23 of those being flaws in WebKit, including 17 that allow for remote code execution through malicious webpages and five that enable cross-site scripting attacks.

Other holes addressed in iOS 10.3.2 include CVE-2017-2498, which Apple termed "a certificate validation issue existed in the handling of untrusted certificates" and a pair of flaws in iBooks (CVE-2017-2497, CVE-2017-6981) that allow ebooks to open arbitrary websites and execute code with root privilege.

What's rather interesting about these security holes is that experts had told me four years ago that Apple had blocked ebooks from opening external websites on their own as a security measure.

The security exploits Apple fixed this week would have let hackers compromise iPads and iPhones. That was one of the problems Apple had wanted to prevent, but apparently iBooks's security was not as solid as everyone had believed.

Nate Hoffelder

Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.
