Nearly half of Apple iOS users not to upgrade to the latest version easily by a known high-risk flaws vulnerability bug violations-vulnerability warning-the black bar safety net

the iOS system has always been to its good safety deep to give a large user of trust, in particular its security into the level rate with Android than there is a significant upper hand. But according to baidu security Labs hundreds of millions of the Taiwan Strait within the iOS equipment system version statistical invention, the iOS 10.3.3 to 7.19 announced it has been 50 days, only 54% of the user into the class to latest iOS 10.3.3 system, the residual remaining to the almost binary home iOS equipment is still stuck in the high-risk flaws vulnerabilities bugs affecting the legacy system. Even the latest iPhone7 series models, there are also nearly 32% of the equipment is not in real time into the stage. And these older versions of the more high-risk flaws vulnerability bug using way to ever is underground, not into the users face stringent security hazard. Let’s shout to iOS users as soon as possible into the class, and also the cry of mobile phone manufacturers to adopt the more useful tips to cover popular users and prevent them from being a known high-risk flaws vulnerability bug of intimidating.

Nearly binary at home and iOS users face a high-risk flaws vulnerabilities bugs are intimidated

Security lab for collecting on the million units iOS equipment system version to stop the statistics, to dispel the hypocrisy of the equipment nuisance after the results show, the Today domestic feed grade to the latest iOS 10.3. 3 system equipment accounted for only 54 per cent. There are still nearly half of iOS equipment to evacuate the residence in the other 44 differences of the old version of the iOS system. Those running older versions of iOS system of the equipment will face in the foregoing enumeration of the various high-risk flaws vulnerability bug security risk.

Detailed system version of a ratio spread as shown in Figure 1, From left half-sector beginning in the counterclockwise biased by the old and new versions ORDER BY for latest iOS 10.3. 3 to 4 years ago the version of iOS 7 in. This, the latest iOS 10.3. 3 System accounted for 53. 6%; iOS 10 older versions of important to 10. 3. 2 for than 8. 2% and 10.2.1 for more than 6. 2 percent based, 10. 2 and 10. 1. 1 Each accounted for 3%, of residue remaining 7 iOS 10 The Legacy of the public accounted for 6. 9%; still with spans 18% of the users stay in iOS 10 the previous version, announced once in two years of iOS 9 accounted for 11. 9%, declared once three years of iOS 8 accounted for 6 per cent.

Anything else, let’s get to the important models of the category system version of the scale to stop the statistics, the results shown in Figure 2, From left to right, respectively, for the iPhone7 series 2016 year 9 month announced that iPhone6s series in 2015 9 January announced, the older iPhone models, iPad Pro Series and other iPad series. Class 5 equipment models are bound to the proportion of fragmented score, that is now the latest iPhone7 series phones, there are also nearly 32%did not feed grade to the latest 10. 3. 3 System.

Home and iOS equipment system version of the spread

Figure 1. Home and iOS equipment system version of the spread

The differences of the machine type category system version of the spread

Figure 2. The differences of the machine type category system version of the spread

Multiple high risk flaws vulnerability bug use is Underground, the impact of iOS10. 3. 3 previous all version

Each iOS system announced a new version after the new version has fix the sector flaws vulnerability bug details and the use way will be the workshop’s ground floor, sector flaws vulnerability bug using the complete code will also be underground announced for discussion exchange. For the safety of the community made into the offer, but also for vicious thoughts attacking the invaders supply a convenient attack invasion premise. Vicious thoughts to attack the intruder might be able to from the underground channels to get coherent use of the code, joint sector Webkit flaws vulnerability bug use, and can be achieved from the click on the link to get Kernel permissions of the complete attack invasion. If the user no real-time update to the latest version of the iOS system, will face stringent security intimidating.

Table 1. Sector has been underground complete use of the Code of the common flaws vulnerability bug using statistical

Sector has been underground complete use of the Code of the common flaws vulnerability bug using statistical

Table 1 enumerates the sectors with a Grand persecution of iOS flaws vulnerability bug:

● Triple Fetch flaws vulnerability bug（CVE-2017-7047: the impact 10. 3. 2 and the previous iOS system, via the process of attack-invasion user-state XPC communication deserialization mechanisms of disadvantage, in order to achieve today the privileged user mode processes such as launchd, the coreauthd such as the random rate of the code to fulfill. Complete flaws exploits bug exploit code had been underground.

● ziVA series of kernel flaws vulnerability bug: affects 10. 3. 1 and the previous iOS system, via the process of attack-invasion core AppleAVEDriver of the logical shortcomings and thus give the Kernel permission. The attack invasion can be multiplexed above the Triple Fetch flaws vulnerability bug achieve post-sandbox escape, replete with flaws exploit the bug using the code once in a github underground.

● BroadPwn Wi-Fi flaws vulnerability bug（CVE-2017-6975: the impact 10. 3 and the previous iOS system, iOS equipment on the Broadcom Wi-Fi chip firmware contain a buffer overflow flaws vulnerabilities bugs. Attack the intruders can be via the process of collecting the indirect attack invasion Unified Wi-Fi hot under there flaws vulnerability bug of iOS equipment, where the victim does not perceive the environment in the other equipment on the operation of the vicious thoughts code.

● mach_voucher kernel flaws vulnerability bug（CVE-2017-2370: the impact 10. 2 and the previous iOS system, via the process of attack-invasion iOS 10 The newly introduced mach trap of the disadvantages to get a kernel space of the arbitrary whims of the reader. Extensive use of the code once Underground, the flaws vulnerability bug is also for the yalu 10.2 escaped object.
iOS into the class and flaws vulnerability bug fix strategy

In the iOS system for the user to supply moresecuritywith privacy screening strategy at the same time, for the iOS system flaws vulnerability bug also occurs year to year decline trend. Because the iOS system is also no hot fix effect, the user only via the process system into has a way to dispel the flaws vulnerability bug intimidating. In the snapped past year, Apple continuously announced 12 iOS version today the version number is 10. 3. 3 update, the total repair 338 security flaws vulnerabilities bugs, including 30 kernel flaws vulnerability bug, 106 the Webkit code to fulfil flaws vulnerability bug in this more high-risk flaws vulnerability bug complete use of the code once underground, you can indirectly give the system the highest authority, major intimidate the user security.

From 2016 year 9 month announced so far, iOS 10 system every 2 months once a small version into the class, each time the feed has a uniform repair singular ten high-risk security flaws vulnerability bug. Attack the intruder is able to through process of clicking on the link, visit the vicious thoughts-do line collection, device utilization, etc. approach to the architecture of the proposed attack invasion, the use of these high-risk flaws vulnerability bug to give the system the highest authority, and then reaches to steal the user sensitive information, long-distance monitoring, directional attack invasion.

Apple 开辟者 website performance, 2016 9 December, announced today, universal range of 87%of iOS users have into the class to iOS 10, but did not give a detailed version of the spread to the environment. But as mentioned before, the small version of the update is not real-time will still form a strict security intimidating.

Table 2. iOS 10 The version of the announced time, fix the flaws the vulnerability bug number statistics

iOS 10 The version of the announced time, fix the flaws the vulnerability bug number statistics

Table 2 enumeration containing the security update for the iOS version, announced time, distance, number of days and fix flaws vulnerability bug of the total number of Statistics Environment Statistics is removed iOS10 in three 10.0.2, to 10.0.3, to 10.1.1 no security updates to the version.

From the table of the disk calculated, the practice environment under uniform every 46 days the iOS system will stop once the system updates, each update uniform repair flaws vulnerability bug34. In some special circumstances, Apple will also decide in a shorter period announced the update, it is urgent to fix individual high-risk flaws vulnerability bug. For example, in order to repair sector iPhone 7/7Plus pre-installed iOS 10 system in the high-risk flaws vulnerability bug, preferably in the in the announced iOS10 Unity Day announced iOS 10.0.1, the“Trident”iOS APT attacks invasion in the kernel information revealed flaws vulnerability bug(CVE-2016-4655)to stop the repair; at the Project Zero officially awarded the blog of the underground flaws vulnerability bug details the day before the announced iOS 10.3.1 repair Qualcomm Wi-Fi chip feel free to rate code to fulfil flaws vulnerability bug（CVE-2017-6975 km.

[1] [2] [3] [4] next