iOS 10.3.2 Update Stops eBooks in iBooks from Hacking Your iPad
The latest update for iOS would suggest that I wasn’t crazy so much as ahead of my time.
From The Register:
Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants.
The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine.
For iPhone and iPad, Apple has kicked out iOS 10.3.2. The update addresses a total of 41 CVE-listed vulnerabilities in the mobile OS, with 23 of those being flaws in WebKit, including 17 that allow for remote code execution through malicious webpages and five that enable cross-site scripting attacks.
Other holes addressed in iOS 10.3.2 include CVE-2017-2498, which Apple termed "a certificate validation issue existed in the handling of untrusted certificates" and a pair of flaws in iBooks (CVE-2017-2497, CVE-2017-6981) that allow ebooks to open arbitrary websites and execute code with root privilege.
What’s rather interesting about these security holes is that experts had told me four years ago that Apple had blocked ebooks from opening external websites on their own as a security measure.
The security exploits Apple fixed this week would have let hackers compromise iPads and iPhones. That was one of the problems Apple had wanted to prevent, but apparently iBooks’s security was not as solid as everyone had believed.