[情报] IOS 10.2.1 更新内容 kyle5241 PTT批踢踢实业坊

[情报] IOS 10.2.1 更新内容

楼主: kyle5241 (kyle) 2017-01-24 05:30:37

https://support.apple.com/en-us/HT207482
This document describes the security content of iOS 10.2.1.
iOS 10.2.1
Released January 23, 2017
Auto Unlock 自动解锁问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：当Apple watch离开你的手时仍然会自动解锁
Impact: Auto Unlock may unlock when Apple Watch is off the user's wrist
Description: A logic issue was addressed through improved state management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts 联络人问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：恶意的联络人资料卡可能造成程式中止
Impact: Processing a maliciously crafted contact card may lead to unexpected
application termination
Description: An input validation issue existed in the parsing of contact
cards. This issue was addressed through improved input validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel 内核
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：程式利用内核的特殊权限任意执行程式码
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel 内核
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：程式利用内核的特殊权限任意执行程式码
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed through improved memory
management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive 数据库封存问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：打开恶意产生的封包可能导致程式码任意执行
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：处理恶意网站内容可能导致别的来源的资料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：处理恶意网站内容可能导致执行任何程式码
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：处理恶意网站内容可能导致执行任何程式码
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: A memory initialization issue was addressed through improved
memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：处理恶意网站内容可能导致执行任何程式码
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2369: Ivan Fratric of Google Project Zero
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：处理恶意网站内容可能导致别的来源的资料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of page loading. This
issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：恶意网站可以打开弹出式视窗
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups. This was
addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：处理恶意网站内容可能导致别的来源的资料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of variable handling.
This issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响：有启动锁定的装置可以在操作下短暂的显示首页
Impact: An activation-locked device can be manipulated to briefly present the
home screen
Description: An issue existed with handling user input that caused a device
to present the home screen even when activation locked. This was addressed
through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth Joseph

作者: jatj 2017-01-24 06:22:00

TL;DR

作者: othersHTC92 (other界的霸主) 2017-01-24 08:02:00

不要上来丢脸了好吗你懂英文吗

作者: z8632100 (超级蹦挖) 2017-01-24 08:25:00

我英文素质低落

作者: rock1331 (不良角色) 2017-01-24 08:27:00

可以桶他吗？

作者: dannyace (南瓜) 2017-01-24 08:27:00

贴这干嘛

楼主: kyle5241 (kyle) 2017-01-24 08:31:00

iOS 10.2.1 的更新内容啊......

作者: st8740212 2017-01-24 08:34:00

贴上来没翻译没解释洗文喔

楼主: kyle5241 (kyle) 2017-01-24 08:34:00

这个版是怎么回事......

作者: haleytll (Zoe) 2017-01-24 08:41:00

复制贴上谁都会，内文完全没有个人意见、看法或说明见解

作者: zonhan (我愿与妳共舞) 2017-01-24 08:47:00

板规6

作者: celtics1997 (山东之龙-禁邪赛鸽) 2017-01-24 08:50:00

作者: oopsskimo (...) 2017-01-24 08:51:00

板龟6c

作者: kuso10582 (Piscine) 2017-01-24 08:52:00

都用这么久的ptt了，难道不知道不行复制贴上吗？

作者: abram (科科) 2017-01-24 08:54:00

嫩

作者: bbace 2017-01-24 08:58:00

嘘你才怎么了发文不看版规

作者: macho1223 (Macho1223) 2017-01-24 08:58:00

快推不然以为我们不懂英文

作者: othersHTC92 (other界的霸主) 2017-01-24 08:59:00

喔好棒棒喔你懂英文好厉害

作者: hhh1234321 (3h) 2017-01-24 09:00:00

我竟然看得懂......(噗~~~)

作者: bqmm (岚) 2017-01-24 09:02:00

Ctrl C + V 这样也好意思一篇？

作者: horseorange (橘小马) 2017-01-24 09:03:00

所以闹钟修好了没?（x

作者: a258558 (MattJ) 2017-01-24 09:18:00

呃...

作者: pm2001 (做个盾牌眼球兵吧) 2017-01-24 09:39:00

复制贴上的被嘘反观只贴张截图就没问题厂厂

作者: Grady1979 (Grady) 2017-01-24 09:53:00

我才想问你是怎么回事咧....

作者: ichen30259 (ichen30259) 2017-01-24 09:56:00

所以勿扰模式修好了没？

作者: HOME8869 (罗生门) 2017-01-24 09:57:00

什么叫他妈的惊喜

作者: kobe7610 (渴望的狗) 2017-01-24 09:58:00

作者: s973311 (树难爬) 2017-01-24 10:20:00

欺负我没读书喔~ 奇怪捏

作者: zx2998 2017-01-24 10:29:00

推推

作者: chrislt2322 (克里斯林) 2017-01-24 10:37:00

好啦帮搬运工补个血

作者: ImCPM (Heilo) 2017-01-24 10:39:00

好可怜帮你QQ 果粉不意外

作者: vector (向量) 2017-01-24 10:47:00

你贴这样我直接去苹果不是更快

作者: yangchenyue (AYA) 2017-01-24 10:48:00

我傻眼XD

作者: mango314 (Mine) 2017-01-24 10:54:00

跟上一篇一样半斤八两,反正这边根本没版主,贴什么有差吗

作者: Paulbio (小便当) 2017-01-24 10:59:00

我觉得有东西看不用去找，不错啊

作者: tomodachiwen (wen) 2017-01-24 11:43:00

为什么要嘘？

作者: x850519 (小鲁弟) 2017-01-24 11:47:00

第一篇是情报，第二篇是洗文

作者: frank0908 2017-01-24 12:10:00

这个版素质真的越来越差了

作者: pm2001 (做个盾牌眼球兵吧) 2017-01-24 12:15:00

这篇至少把连结贴出来情报量比上一篇多太多了

作者: frank0908 2017-01-24 12:16:00

而且这次的安全性更新本来就是10.2.1的核心

作者: alwyss (MAI) 2017-01-24 12:27:00

这个板的板主真的好好当喔

作者: wryyyyyyyy (蜥蜴长老) 2017-01-24 12:30:00

作者: a0913865175 (KIMOGI0602) 2017-01-24 12:40:00

推个补血

作者: ernie0112 (小赖) 2017-01-24 12:55:00

自己能力不好，不能去加强吗，拿别人用好的资料来看，不就代表自己懒得找懒得看，比别人贴一张好多了吧

作者: popo6307 (BananaLala) 2017-01-24 13:01:00

推推

作者: Achernar (My way) 2017-01-24 13:13:00

原PO辛苦啦，这篇比前一篇来的实用

作者: abian (abian) 2017-01-24 13:31:00

前面的推文是什么情形..

作者: j94223 (笨肌) 2017-01-24 13:36:00

推很有用的情报文

作者: tallolz (透) 2017-01-24 13:41:00

本来是原文纯复制贴上

作者: LBJ2ndKing (LBJ亚军王) 2017-01-24 14:13:00

前面想带风向？

楼主: kyle5241 (kyle) 2017-01-24 14:40:00

我莫名奇妙被嘘，明明这是比较重要的资讯....

作者: alanalan2007 (YOYO) 2017-01-24 15:04:00

推回来，明明前面那篇才没用，这篇很多资讯。

作者: ken84929 (破军★翼) 2017-01-24 15:27:00

帮推

作者: miniwhy (口卡口卡 ) 2017-01-24 15:50:00

帮推有翻译了

作者: johnny1229 (文化裘德洛) 2017-01-24 16:11:00

上面是在嘘什么？

作者: allan0926 (allan) 2017-01-24 16:14:00

谢谢分享

作者: AHAJAY (阿哈J) 2017-01-24 16:42:00

随便都比一堆废文好

作者: NinOAQ (妮OuO/) 2017-01-24 16:50:00

推补翻译

作者: shenyang (身痒抓抓) 2017-01-24 16:58:00

推

作者: WuMOS (Ian) 2017-01-24 17:36:00

推翻译

作者: fyso (sophie1iao) 2017-01-24 17:47:00

推

作者: altria27 (altria27) 2017-01-24 17:52:00

前面那篇什么都没提到这篇内容都有有啥好虚..

作者: gary21617mvp (ToroChip) 2017-01-24 17:56:00

推

作者: nicegigi (呛斯呛斯) 2017-01-24 18:07:00

推好心翻译嘘的人是因为一开始没翻译，看不懂才嘘的吧

作者: ninewords (全世界的人都很悲伤) 2017-01-24 18:25:00

看了嘘的几楼，真是笑死我了，原来脑袋可以这样用

作者: ppstyle7 (阿喵喵) 2017-01-24 18:42:00

原po一开始只有将英文全部贴上，翻译是后来才加的

作者: shihhhpin (小小小宏) 2017-01-24 19:50:00

推推

作者: pm2001 (做个盾牌眼球兵吧) 2017-01-24 20:02:00

一开始就算只有英文至少有付官方连结我想不管怎样都比截图好

作者: cleanesty 2017-01-24 20:33:00

语言不合

作者: HCHsiang (金城武是我) 2017-01-24 20:56:00

推

作者: tomodachiwen (wen) 2017-01-24 21:06:00

再推一次前面嘘的真的很有趣

作者: baibaizo 2017-01-24 21:25:00

作者: crayon123 (jackwu) 2017-01-24 21:35:00

补血。上面不知道在嘘什么

作者: jerry255701 (杰瑞) 2017-01-24 21:42:00

帮补血

作者: BlueIceBeer 2017-01-24 21:47:00

帮补血，原PO别介意，就是有一堆没知识的秀下限

作者: snowgod (北极熊的邻居) 2017-01-24 22:19:00

补

作者: a87992772 (QQQ) 2017-01-24 22:22:00

？嘘啥

作者: SimACC (didbib) 2017-01-24 22:55:00

补

作者: DarrenKuo (Darren) 2017-01-24 22:58:00

补血

作者: alins1999 (谢强尼) 2017-01-24 23:13:00

辛苦原PO。

作者: kevinee ( ) 2017-01-25 00:15:00

推前面的嘘文很有事

作者: Vek1112 (喔登登) 2017-01-25 02:19:00

作者: st880517 2017-01-25 02:36:00

帮补一发

作者: bestneil (青柚) 2017-01-25 03:09:00

补血

作者: ss15669659 (Zijun) 2017-01-25 03:32:00

推

作者: McDownlaw (我就是爱大麦克) 2017-01-25 03:48:00

推

作者: Rammus1111 (NK_Rammus龟) 2017-01-25 04:31:00

前面的还好吗...？这明明很有用啊

作者: AirRider (又怎么了) 2017-01-25 05:25:00

一堆玻璃心看不懂乱嘘，上一篇怎不嘘？助推一个

作者: DKPCOFGS (Eight) 2017-01-25 08:16:00

怪了国民教育没教英文吗？

作者: mars1396 (mars1396) 2017-01-25 08:35:00

补血

作者: young199517 (young199517) 2017-01-25 09:50:00

前面都玻璃心喔帮补

作者: baronmax (songyy) 2017-01-25 10:11:00

补血

作者: CraziPhone (有点不方便) 2017-01-25 11:34:00

﴿

作者: mienchin (帕尔摩斯兔子) 2017-01-25 12:24:00

推推

作者: kevin11tw (台中阿翔) 2017-01-25 12:28:00

补血推

作者: clop (月饼狗) 2017-01-25 12:56:00

前面的嘘文有什么事

作者: cheche0512 (呵呵) 2017-01-25 12:59:00

第一篇那样才夸张吧

作者: keeper036 (掰咖) 2017-01-25 13:55:00

从古至今语言是造成战争的重要关键XD

作者: eric45670 (丹羽) 2017-01-25 14:43:00

笑看那些英文不好乱炮的

作者: w5151381guy (kirito帆) 2017-01-25 15:39:00

前面那些人乱嘘在秀下限?自己看不懂就乱嘘别人厂厂

作者: jimmythepeng (NTUpenguin) 2017-01-26 18:08:00

补推

作者: kentplay (鲨鱼) 2017-01-27 22:54:00

觉得很有帮助阿

作者: XDDDD5566 (我绝对没偷吃实验室点心) 2017-01-28 03:29:00

OuO 好凶

作者: aifam (忙~所有问题我会择空回答) 2017-01-28 07:57:00

嘘文的人，你们还好吗？

作者: Feases (<(￣︶￣)>) 2017-01-28 22:59:00

满好的

作者: yoo31805 (Q毛) 2017-01-29 18:45:00

这篇充实多了，感谢原po分享

继续阅读

[问题] Apple Watch表面天气显示denru01 [情报] IOS 10.2.1 正式版推出henry4621 Re: [讨论] 周年庆预购到货情况wenhsuan11 iphone6/6s 皮革保护壳通用问题nomieno [问题] 6s+ wifi反灰tw00484586 [讨论] 洛克人bjzx5 Re: [心得] iphone6换电池，却拿不回旧电池！randy0125 [问题] 换下的电池？Samuelfish [问题] 怎么取回萤幕坏掉手机内部的档案?cciibbaa Re: [心得] 光华某店维修心得AizawaYuuiti