Apple Releases iOS 10.1 With New Portrait Mode for iPhone 7 Plus

admin
admin

 

clipboard01

About the Feature and Bugs fix of iOS 10.1

Released October 24, 2016

Camera and Photos
– Introduces Portrait Camera for iPhone 7 Plus that creates a depth effect that keeps your subject sharp while creating a beautifully blurred background (beta)
– People names in the Photos app are saved in iCloud backups
– Improved the display of wide color gamut photos in the grid views of the Photos app
– Fixes an issue where opening the Camera app would show a blurred or flashing screen for some users
– Fixes an issue that caused Photos to quit for some users when turning on iCloud Photo Library

Maps
– Transit support for every major train, subway, ferry, and national bus line, as well as local bus systems for Tokyo, Osaka, and Nagoya
– Sign-based transit navigation including layouts of all underground structures and walkways that connect large transit stations
– Transit fare comparison when viewing alternative transit routes

Messages
– New option to replay bubble and full screen effects
– Messages effects can play with Reduce Motion enabled
– Fixes an issue that could lead to contact names appearing incorrectly in Messages
– Addresses an issue where Messages could open to a white screen
– Addresses an issue that could prevent the report junk option from displaying with unknown senders
– Fixes an issue where videos captured and sent in the Messages app could be missing audio

Apple Watch
– Adds distance and average pace to workout summaries in the Activity app for outdoor wheelchair run pace and outdoor wheelchair walk pace
– Fixes issues that may have prevented Music playlists from syncing to Apple Watch
– Addresses an issue that was preventing invitations and data to appear in Activity Sharing
– Fixes an issue that was allowing Activity Sharing to update over cellular when manually disabled
– Resolves an issue that was causing some third-party apps to crash when inputting text

Other improvements and fixes
– Improves Bluetooth connectivity with 3rd party accessories
– Improves AirPlay Mirroring performance when waking a device from sleep
– Fixes an issue where playback would not work for iTunes purchased content when the “Show iTunes Purchases” setting is turned off
– Fixes an issue where certain selfie apps and face filters used with the FaceTime HD camera on iPhone 7 and iPhone 7 Plus did not display a live preview
– Fixes an issue in Health where individual strokes are converted to separate characters when using the Chinese handwriting keyboard
– Improves performance of sharing websites from Safari to Messages
– Fixes an issue in Safari that caused web previews in tab view to not display correctly
– Fixes an issue that caused certain Mail messages to be reformatted with very small text
– Fixes an issue that caused some HTML email to be formatted incorrectly
– Fixes an issue that in some cases caused the search field to disappear in Mail
– Fixes an issue that could prevent Today View Widgets from updating when launched
– Fixes an issue where Weather widget sometimes failed to load data
– Fixes an issue on iPhone 7 where Home Button click settings would not appear in search results
– Fixes an issue that prevented spam alert extensions from blocking calls
– Resolves an issue that could prevent alarm sounds from going off
– Fixes an issue where audio playback via Bluetooth would cause the Taptic engine to stop providing feedback for some users
– Resolves an issue preventing some users from restoring from iCloud Backup

About the security content of iOS 10.1

iOS 10.1

CFNetwork Proxies

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker in a privileged network position may be able to leak sensitive user information

Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.

CVE-2016-7579: Jerry Decime

CoreGraphics

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

FaceTime

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated

Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.

CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com

FontParser

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Parsing a maliciously crafted font may disclose sensitive user information

Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2016-4660: Ke Liu of Tencent’s Xuanwu Lab

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to disclose kernel memory

Description: A validation issue was addressed through improved input sanitization.

CVE-2016-4680: Max Bazaliy of Lookout and in7egral

libarchive

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious archive may be able to overwrite arbitrary files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

CVE-2016-4679: Omer Medan of enSilo Ltd

libxpc

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with root privileges

Description: A logic issue was addressed through additional restrictions.

CVE-2016-4675: Ian Beer of Google Project Zero

Sandbox Profiles

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to retrieve metadata of photo directories

Description: An access issue was addressed through additional sandbox restrictions on third party applications.

CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)

Sandbox Profiles

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to retrieve metadata of audio recording directories

Description: An access issue was addressed through additional sandbox restrictions on third party applications.

CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)

Security

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A local attacker can observe the length of a login password when a user logs in

Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.

CVE-2016-4670: Daniel Jalkut of Red Sweater Software

System Boot

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel

Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.

CVE-2016-4669: Ian Beer of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4666: Apple

CVE-2016-4677: An anonymous researcher working with Trend Micro’s Zero Day Initiative

Share this Article
Leave a comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.