About the Feature and Bugs fix of iOS 10.1
Released October 24, 2016
Camera and Photos
– Introduces Portrait Camera for iPhone 7 Plus that creates a depth effect that keeps your subject sharp while creating a beautifully blurred background (beta)
– People names in the Photos app are saved in iCloud backups
– Improved the display of wide color gamut photos in the grid views of the Photos app
– Fixes an issue where opening the Camera app would show a blurred or flashing screen for some users
– Fixes an issue that caused Photos to quit for some users when turning on iCloud Photo Library
Maps
– Transit support for every major train, subway, ferry, and national bus line, as well as local bus systems for Tokyo, Osaka, and Nagoya
– Sign-based transit navigation including layouts of all underground structures and walkways that connect large transit stations
– Transit fare comparison when viewing alternative transit routes
Messages
– New option to replay bubble and full screen effects
– Messages effects can play with Reduce Motion enabled
– Fixes an issue that could lead to contact names appearing incorrectly in Messages
– Addresses an issue where Messages could open to a white screen
– Addresses an issue that could prevent the report junk option from displaying with unknown senders
– Fixes an issue where videos captured and sent in the Messages app could be missing audio
Apple Watch
– Adds distance and average pace to workout summaries in the Activity app for outdoor wheelchair run pace and outdoor wheelchair walk pace
– Fixes issues that may have prevented Music playlists from syncing to Apple Watch
– Addresses an issue that was preventing invitations and data to appear in Activity Sharing
– Fixes an issue that was allowing Activity Sharing to update over cellular when manually disabled
– Resolves an issue that was causing some third-party apps to crash when inputting text
Other improvements and fixes
– Improves Bluetooth connectivity with 3rd party accessories
– Improves AirPlay Mirroring performance when waking a device from sleep
– Fixes an issue where playback would not work for iTunes purchased content when the “Show iTunes Purchases” setting is turned off
– Fixes an issue where certain selfie apps and face filters used with the FaceTime HD camera on iPhone 7 and iPhone 7 Plus did not display a live preview
– Fixes an issue in Health where individual strokes are converted to separate characters when using the Chinese handwriting keyboard
– Improves performance of sharing websites from Safari to Messages
– Fixes an issue in Safari that caused web previews in tab view to not display correctly
– Fixes an issue that caused certain Mail messages to be reformatted with very small text
– Fixes an issue that caused some HTML email to be formatted incorrectly
– Fixes an issue that in some cases caused the search field to disappear in Mail
– Fixes an issue that could prevent Today View Widgets from updating when launched
– Fixes an issue where Weather widget sometimes failed to load data
– Fixes an issue on iPhone 7 where Home Button click settings would not appear in search results
– Fixes an issue that prevented spam alert extensions from blocking calls
– Resolves an issue that could prevent alarm sounds from going off
– Fixes an issue where audio playback via Bluetooth would cause the Taptic engine to stop providing feedback for some users
– Resolves an issue preventing some users from restoring from iCloud Backup
About the security content of iOS 10.1
iOS 10.1
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated
Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive user information
Description: An out-of-bounds read was addressed through improved bounds checking.
CVE-2016-4660: Ke Liu of Tencent’s Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with root privileges
Description: A logic issue was addressed through additional restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo directories
Description: An access issue was addressed through additional sandbox restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio recording directories
Description: An access issue was addressed through additional sandbox restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A local attacker can observe the length of a login password when a user logs in
Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.
CVE-2016-4670: Daniel Jalkut of Red Sweater Software
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2016-4666: Apple
CVE-2016-4677: An anonymous researcher working with Trend Micro’s Zero Day Initiative
