Apple Releases iOS 11.3.1: Includes Security Fixes and Addresses 3rd Party Screen Replacement Problem for iPhone 8

Apple released iOS 11.3.1 on Tuesday. Apple’s patch notes specify two things: security and an issue affecting iPhone 8 devices with unauthorized third-party screen replacements.

Separately, Apple released macOS 10.13.4 Security Update 2018-001.

Interestingly, Apple’s patch notes specify that the release “improves the security” of iOS devices. This is different from the more general “performance and reliability” wording Apple usually uses, even when there are lots of security patches in an update. More on the specifics below.

iOS 11.3.1 is a 44.5MB download over-the-air (OTA) for iPhone X. On iPad Pro (9.7-inch), it’s 33.5MB.

Release Notes for iOS 11.3.1

iOS 11.3.1 improves the security of your iPhone or iPad and addresses an issue where touch input was unresponsive on some iPhone 8 devices because they were serviced with non-genuine replacement displays.

Note: Non-genuine replacement displays may have compromised visual quality and may fail to work correctly. Apple-certified screen repairs are performed by trusted experts who use genuine Apple parts. See support.apple.com for more information.

Security Release Notes for iOS 11.3.1

Apple’s security release notes for iOS 11.3.1 detail four security holes that were patched. Three of them allow the bad guys to take over your iOS device, while the other would allow UI spoofing, which could also lead to shenanigans. From Apple:

Crash Reporter

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved error handling.

CVE-2018-4206: Ian Beer of Google Project Zero

LinkPresentation

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted text message may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.

CVE-2018-4200: Ivan Fratric of Google Project Zero

WebKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4204: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative, found by OSS-Fuzz
