https://support.apple.com/en-us/HT207482
This document describes the security content of iOS 10.2.1.
iOS 10.2.1
Released January 23, 2017
Auto Unlock 自动解锁问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:当Apple watch离开你的手时仍然会自动解锁
Impact: Auto Unlock may unlock when Apple Watch is off the user's wrist
Description: A logic issue was addressed through improved state management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts 联络人问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:恶意的联络人资料卡可能造成程式中止
Impact: Processing a maliciously crafted contact card may lead to unexpected
application termination
Description: An input validation issue existed in the parsing of contact
cards. This issue was addressed through improved input validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel 内核
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:程式利用内核的特殊权限任意执行程式码
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel 内核
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:程式利用内核的特殊权限任意执行程式码
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed through improved memory
management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive 数据库封存问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:打开恶意产生的封包可能导致程式码任意执行
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved memory
handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:处理恶意网站内容可能导致别的来源的资料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:处理恶意网站内容可能导致执行任何程式码
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:处理恶意网站内容可能导致执行任何程式码
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: A memory initialization issue was addressed through improved
memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:处理恶意网站内容可能导致执行任何程式码
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2369: Ivan Fratric of Google Project Zero
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:处理恶意网站内容可能导致别的来源的资料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of page loading. This
issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:恶意网站可以打开弹出式视窗
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups. This was
addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:处理恶意网站内容可能导致别的来源的资料流出
Impact: Processing maliciously crafted web content may exfiltrate data
cross-origin
Description: A validation issue existed in the handling of variable handling.
This issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi 问题
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch
6th generation and later
影响:有启动锁定的装置可以在操作下短暂的显示首页
Impact: An activation-locked device can be manipulated to briefly present the
home screen
Description: An issue existed with handling user input that caused a device
to present the home screen even when activation locked. This was addressed
through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth Joseph
作者:
jatj 2017-01-24 06:22:00TL;DR
作者: st8740212 2017-01-24 08:34:00
贴上来没翻译没解释 洗文喔
复制贴上谁都会,内文完全没有个人意见、看法或说明见解
作者:
zonhan (我愿与妳共舞)
2017-01-24 08:47:00板规6
作者:
abram (科科)
2017-01-24 08:54:00嫩
作者: bbace 2017-01-24 08:58:00
嘘你才怎么了 发文不看版规
作者:
macho1223 (Macho1223)
2017-01-24 08:58:00快推不然以为我们不懂英文
作者:
bqmm (岚)
2017-01-24 09:02:00Ctrl C + V 这样也好意思一篇?
作者:
a258558 (MattJ)
2017-01-24 09:18:00呃...
作者:
pm2001 (做个盾牌眼球兵吧)
2017-01-24 09:39:00复制贴上的被嘘 反观只贴张截图就没问题 厂厂
作者:
s973311 (树难爬)
2017-01-24 10:20:00欺负我没读书喔~ 奇怪捏
作者:
zx2998 2017-01-24 10:29:00推推
作者:
ImCPM (Heilo)
2017-01-24 10:39:00好可怜 帮你QQ 果粉不意外
作者:
vector (向量)
2017-01-24 10:47:00你贴这样我直接去苹果不是更快
跟上一篇一样半斤八两,反正这边根本没版主,贴什么有差吗
作者:
Paulbio (小便当)
2017-01-24 10:59:00我觉得有东西看不用去找,不错啊
作者:
x850519 (小鲁弟)
2017-01-24 11:47:00第一篇是情报,第二篇是洗文
作者: frank0908 2017-01-24 12:10:00
这个版素质真的越来越差了
作者:
pm2001 (做个盾牌眼球兵吧)
2017-01-24 12:15:00这篇至少把连结贴出来 情报量比上一篇多太多了
作者: frank0908 2017-01-24 12:16:00
而且这次的安全性更新本来就是10.2.1的核心
作者:
alwyss (MAI)
2017-01-24 12:27:00这个板的板主真的好好当喔
作者: wryyyyyyyy (蜥蜴长老) 2017-01-24 12:30:00
.
自己能力不好,不能去加强吗,拿别人用好的资料来看,不就代表自己懒得找懒得看,比别人贴一张好多了吧
作者:
popo6307 (BananaLala)
2017-01-24 13:01:00推推
作者:
Achernar (My way)
2017-01-24 13:13:00原PO辛苦啦,这篇比前一篇来的实用
作者: abian (abian) 2017-01-24 13:31:00
前面的推文是什么情形..
作者: j94223 (笨肌) 2017-01-24 13:36:00
推 很有用的情报文
作者:
tallolz (透)
2017-01-24 13:41:00本来是原文纯复制贴上
作者: ken84929 (破军★翼) 2017-01-24 15:27:00
帮推
作者:
miniwhy (口卡口卡 )
2017-01-24 15:50:00帮推 有翻译了
作者:
AHAJAY (阿哈J)
2017-01-24 16:42:00随便都比一堆废文好
作者:
NinOAQ (妮OuO/)
2017-01-24 16:50:00推补翻译
作者: shenyang (身痒抓抓) 2017-01-24 16:58:00
推
作者:
WuMOS (Ian)
2017-01-24 17:36:00推翻译
作者: fyso (sophie1iao) 2017-01-24 17:47:00
推
作者:
altria27 (altria27)
2017-01-24 17:52:00前面那篇什么都没提到 这篇内容都有 有啥好虚..
作者: gary21617mvp (ToroChip) 2017-01-24 17:56:00
推
推好心翻译嘘的人是因为一开始没翻译,看不懂才嘘的吧
作者:
ninewords (全世界的人都很悲伤)
2017-01-24 18:25:00看了嘘的几楼,真是笑死我了,原来脑袋可以这样用
作者:
pm2001 (做个盾牌眼球兵吧)
2017-01-24 20:02:00一开始就算只有英文 至少有付官方连结我想不管怎样都比截图好
作者: cleanesty 2017-01-24 20:33:00
语言不合
作者:
HCHsiang (金城武是我)
2017-01-24 20:56:00推
作者: baibaizo 2017-01-24 21:25:00
赞
作者:
snowgod (北极熊的邻居)
2017-01-24 22:19:00补
作者:
SimACC (didbib)
2017-01-24 22:55:00补
作者:
kevinee ( )
2017-01-25 00:15:00推 前面的嘘文很有事
作者:
Vek1112 (喔登登)
2017-01-25 02:19:00赞
作者: bestneil (青柚) 2017-01-25 03:09:00
补血
作者: McDownlaw (我就是爱大麦克) 2017-01-25 03:48:00
推
作者: DKPCOFGS (Eight) 2017-01-25 08:16:00
怪了 国民教育没教英文吗?
作者:
mars1396 (mars1396)
2017-01-25 08:35:00补血
作者:
baronmax (songyy)
2017-01-25 10:11:00补血
作者:
mienchin (帕尔摩斯兔子)
2017-01-25 12:24:00推推
作者:
clop (月饼狗)
2017-01-25 12:56:00前面的嘘文有什么事
作者: jimmythepeng (NTUpenguin) 2017-01-26 18:08:00
补推
作者:
XDDDD5566 (我绝对没偷吃实验室点心)
2017-01-28 03:29:00OuO 好凶
作者:
aifam (忙~所有问题我会择空回答)
2017-01-28 07:57:00嘘文的人,你们还好吗?
作者:
Feases (<( ̄︶ ̄)>)
2017-01-28 22:59:00满好的
作者: yoo31805 (Q毛) 2017-01-29 18:45:00
这篇充实多了,感谢原po分享