iOS 10.3.2 Update Stops eBooks in iBooks from Hacking Your iPad

When I raised the alarm four years back that your mobile device could be hacked by an Epub3 ebook and turned into a botnet slave, many people called me alarmist and hysterical.

The latest update for iOS would suggest that I wasn't crazy so much as ahead of my time.

iOS 10.3.2 Update Stops eBooks in iBooks from Hacking Your iPad e-Reading Software iBooks iDevice

From The Register:

Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants.

The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine.

For iPhone and iPad, Apple has kicked out iOS 10.3.2. The update addresses a total of 41 CVE-listed vulnerabilities in the mobile OS, with 23 of those being flaws in WebKit, including 17 that allow for remote code execution through malicious webpages and five that enable cross-site scripting attacks.

Other holes addressed in iOS 10.3.2 include CVE-2017-2498, which Apple termed "a certificate validation issue existed in the handling of untrusted certificates" and a pair of flaws in iBooks (CVE-2017-2497, CVE-2017-6981) that allow ebooks to open arbitrary websites and execute code with root privilege.

What's rather interesting about these security holes is that experts had told me four years ago that Apple had blocked ebooks from opening external websites on their own as a security measure.

The security exploits Apple fixed this was week would have let hackers compromise iPads and iPhones. That was one of the problems Apple had wanted to prevent, but apparently iBooks's security was not as solid as everyone had believed.

About Nate Hoffelder (9906 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader:"I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

2 Trackbacks & Pingbacks

  1. Paul Biba’s eBook, eLibrary, and ePublishing news compilation for week ending Friday, May 19 | The Digital Reader
  2. ??????????????? ???????, ???????????? ???????????? ? ?????? ?????????????? |

Leave a comment

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: