
Why the feature-light iOS 9.2.1 security update matters

Three days ago Apple released an iOS 9.2.1 update with seemingly arbitrary ‘security updates and bug fixes’ listed in the release notes. As we’ve seen time and time again with these types of software updates, they most often seem to go ignored by the general public. We stress how important it is to keep your device up to date, even with small security updates like this.

As is customary after Apple releases a security update version of iOS, the firms and people that discovered the vulnerabilities are coming out explaining how and why these security updates matter. Apple has already included a breakdown of what security issues were resolved in iOS 9.2.1, but it’s still nice to get a more detailed look into what made the vulnerabilities possible in the first place.

SkyCure, a company that helps with threat defense in EMM and MDM solutions, released a blog post this week detailing their discovery while noting that Apple had finally resolved it.

The security issue (CVE-2016-1730) was reported back in June of 2013, but SkyCure notes that it was a more complicated issue to fix than one would imagine. SkyCure’s discovery relates to the way iOS handles cookies when connecting to a malicious captive-enabled Wi-Fi network. You may have seen these types of networks if you’ve ever connected to a hotel, airport or Starbucks network.

On Thursday, security researchers at Zimperium zLabs also released a report analyzing how their vulnerability (CVE-2016-1722) was discovered. This vulnerability appears to have taken less than two months to resolve. Zimperium’s discovery revolved around a heap buffer overflow in syslogd that would allow an attacker to gain elevated privileges or even perform remote code execution (although this would require the device to be on an already trusted Wi-Fi network).

As the desire for better security, privacy, and encryption increases, I welcome the security researchers’ work and Apple’s “minor” update. Even if they don’t include any exciting new features, like new emoji.


Comments

  1. applewatch20152015 - 8 years ago

    I’m running the iOS 9.3 public beta…does anyone know if these security updates are in that release?

    By the way, I’ve had zero issues with the 9.3 public beta. Rock solid and Night Shift is awesome. One bug remains though…whenever I open my first tab in the background in Safari, the app freezes. I have to force close it and then reopen Safari. F**king frustrating because it happens like 10 times per day.

    • Greg Barbosa - 8 years ago

      That’s a great question. I never knew how Apple handled these situations. According to current release notes (http://adcdownload.apple.com/iOS/iOS_9.3_beta_Configuration_Profile/iOS_9.3_beta_Release_Notes.pdf) it makes no mention of security updates in iOS 9.3. My assumption is that iOS 9.3 Beta 2 may include them, but even then I’m not sure if they’ll post that information into the release notes.

    • Justin Crompton - 8 years ago

      I love how Apple ridicules the Jailbreak community, but then rips features off from tweaks and puts them in the iOS. “Night Shift” is a direct rip off of F.Lux which has been around for years.

      • Fred von Stein - 8 years ago

        Apple doesn’t ridicule the Jailbreak community… they actually give credit to them (literally, it’s in the release notes) for finding vulnerabilities in their software and patching them. What they don’t do, and it’s just the flavor of cake that Apple serves, is allow outside parties to make significant changes to their products that create customized user experiences; Apple wants to control the hardware AND the software. Part of that is a good thing, because they set a high standards bar on the user experience, and most of the time things “just work”. That’s great for 90% of the population who just want to use their products and not tweak them to be better. The flip side of it views this as a bad thing because for those users that WANT to modify their user experience they can’t. Yes, “Night Shift” is a direct rip off of F.lux, and Apple actually blocked F.Lux from being able to be installed on iDevices so that Apple could make “Night Shift”, and there are numerous other examples from the JB community of code that they took and adapted as their own. And that is Apple’s game – block the competition and offer the Apple Version of it. But that isn’t anything that most businesses do all over the world since the beginning of time.

      • applewatch20152015 - 8 years ago

        That’s right, Apple doesn’t ridicule the jailbreakers. I believe that the dude who made the quick text notification banner thing for jailbreaks was actually hired by Apple. Then his jailbreak made it into the next iOS version. Sounds like respect to me.

  2. Mark Pettersson - 8 years ago

    When Congress, the UK or another government passes a law demanding access to encrypted data.
    It will surely be implemented with a non disclosure agreement, relating to national security and may go further than simply encryption.

    So Apple won’t be able to inform the public or its users of such.

    But I am sure that no matter which update it will be, it shall be heavily promoted as an update the public really needs to make.
    Be it a new OS, a security update and so on.

  3. Tom Hank - 8 years ago

    It is becoming too complicated. Why do you need to worry so much about using this feature? I really appreciate this initiative of Apple. But honestly, I don’t like this feature. This orange color screen is really irritating. If I am using this night shift mode, it can help me only at the time of night. What about day time? I think we must use blue light protector for our own safety. I have been using “ocushield” screen protector for last three months. I am happy with its performance.

    • verizon2828 - 8 years ago

      It’s only SUPPOSED to help you at night…that’s why it’s called Night Shift. ;) And you don’t have to use it at all…just leave the feature off. If you DO want to use it, you can schedule it for specific times and adjust the intensity of the warm tone. At night, it definitely takes some stress off of the eyes. I upgraded to the public beta specifically for this feature and love it. I had f.lux on my jailbroken iPhone years ago.