Installation and Compatible Devices
iOS 10.3.2 is available for download as an Over The Air (OTA) update for all:
- iPhone 5 or later (There are rumors that this update may not be compatible with the existing 32-bit iOS devices. If this is so, the supported devices list may start from the iPhone 5s onwards. I will update this section of the blog post once it has been confirmed.)
- iPad 4th Generation or later
- iPod Touch 6th Generation or later
An over-the-air update is a software update that is distributed over Wi-Fi or mobile broadband instead of requiring the user to connect the device to a computer via USB to perform the update.
The file size for this update, according to my device, is around 195 MB. So it’s not too big of a download.
It is also available via iTunes.
Before using either method, I highly recommend doing an iCloud backup of all your data (just in case). You can find the steps on how to do so here.
More than just Bug Fixes and Improvements
This update targets several vulnerabilities across different parts of the OS, such as:
- AVEVideoEncoder, IOSurface, TextInput
Addresses a memory corruption issue with improved memory handling, in order to prevent third party applications to gain kernel privileges.
CoreAudio and Kernel
Addresses a validation issue with improved sanitization, preventing third party applications from reading restricted memory.
Fixes a URL handling issue through improved state management. Provides guarding against maliciously crafted books opening arbitrary websites without user permission. It also solves existing issue within the path validation logic for symbolic links (symlinks) via improved path sanitization. Protects from third party applications being able to execute arbitrary code with root privileges.
Addresses a race condition through improved locking. Prevents third party applications from executing arbitrary code with kernel privileges.
Addresses a denial of service (DoS) issue through improved memory handling. Reduces the likeliness of malicious applications succeeding in a DoS attack.
Solves an issue in the browser’s history menu through improved memory handling, in favor of DoS protection.
Updates the certificate trust policy.
Fixes a “use after free” and a buffer overflow issue, via improved memory management.
Enhances input validation.
Adresses multiple memory corruption issues, via improved memory handling. As well as a logic issue which existed in the handling of:
– WebKit Editor commands
– container nodes
– pageshow events
– cached frames
– frame loading
It does this via improved state management.
If you enjoyed this blog post or found it helpful in any way, make sure to follow me on Twitter to find out when a new one is available.