BT

New Early adopter or innovator? InfoQ has been working on some new features for you. Learn more

Apple Fixes Security Flaw in iOS 9.3

| by Alex Blewitt Follow 2 Followers on Mar 21, 2016. Estimated reading time: 2 minutes |

At today's Let us loop you in event at the Apple headquarters in California, Apple released an updated version of their mobile device, called the iPhone SE. It returns to the 4" size of previous versions of the iPhone but with a similar processor to the iPhone 6, including Touch ID, NFC (for Apple Pay) and Live Photos, a feature which records a brief segment of video before and after the photo is taken, for a truly Harry Potter experience. Along with the newly released iPhone SE came a smaller version of the iPad Pro, at the same size as existing iPads but with the same processor and technology.

The event started off with CEO TIm Cook addressing the ongoing issue with the FBI, saying that:

We built the iPhone for you, our customers. And we know it is a deeply personal device. We did not expect to be in this position at odds with our own government. But we believe strongly that we have a responsibility to help you protect your data and protect your privacy. We owe it to our customers and we owe it to our country. This is an issue that impacts all of us.

The event continued with the reveal of iOS 9.3, which has been in development for months and has seen beta testers use it already. New features include a "night shift", which dims the screen's backlight as well as reducing the blue component of the display to reduce the level and colour of light that are potentially detrimental to sleep.

The version of iOS is also said to fix a recently-uncovered iMessage bug by researchers at John Hopkins, according to the Washington Post. Attachments to iMessages (such as photos and videos) are stored as separate blobs, and are encrypted before sending the data to Apple's servers with a particular key. By emulating an iMessage server and interacting with the responses, the attackers were able to brute-force each individual digit of the key used, potentially using a timing attack to determine how long each response takes. Changes in validation against the iMessage servers have reduced the probability of iMessages or attachments being intercepted, and iOS 9.3's security updates states that "A cryptographic issue was addressed by rejecting duplicate messages on the client." Notably there are several fixes for the HTTP stack as well as the kernel, some of which have the potential for remote code execution, and so updating to the latest iOS version is recommended after testing and backing up.

Apple and the FBI are in court tomorrow with further updates of the government order covered previously on InfoQ. Further updates will be added as they become available.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT