iOS 10.3.1 Fixes WiFi Vulnerability, iCloud Settings Bug

Apple released iOS 10.3.1 on April 3 to address a vulnerability involving the Wi-Fi chip on recent iPhone, iPad, and iPod Touch models. The update also fixed a bug that re-enabled some iCloud settings and features that were previously disabled without informing users of the change.

The company said on a support page that an "attacker within range may be able to execute arbitrary code on the Wi-Fi chip" of recent iOS devices via stack buffer overflow. This problem was resolved via "improved input authentication" that should prevent attackers from taking advantage of this vulnerability. That's good news if you like to use your iPad in a coffee shop, for example, or don't turn off your iPhone's Wi-Fi when you leave home. Both scenarios would leave you exposed to attacks that rely on your iOS device searching for a Wi-Fi network to which it might be able to connect.

Vulnerabilities like that are why experts recommend using the latest versions of whatever operating system you rely on. Other things help--being cautious with links, avoiding questionable apps, and so on--but installing updates is the easiest way to bolster your device's security. Problems arise when those updates change important settings, like those affecting data privacy, without any warning. That appeared to happen with iOS 10.3.1 when users reported that certain iCloud settings (backups, sync agenda, and the like) that were previously disabled had been quietly re-enabled.

There was no message informing users of this change. You would've had to scroll through your settings, notice something had changed, and wonder how it might have happened to connect the dots between updating iOS and having iCloud behave differently. It turns out that some of those dots weren't properly connected--Apple said in a statement to Tom's Hardware that this problem actually affected iOS 10.3 and was fixed in iOS 10.3.1:

We've identified an issue in the recent iOS 10.3 software update that impacted a small number of iCloud users. This bug may have inadvertently reenabled some iCloud services that users had previously disabled.  We're sending an email to all affected customers to make them aware of the issue. We recommend that users who have upgraded to iOS 10.3 check their iCloud settings to manage the services they want to use or contact AppleCare with any questions. This bug has also been fixed in the new 10.3.1 release.

Apple's spokesperson also said that "it’s worth noting that this did not impact iCloud Photo Library, iCloud Keychain or Find My iPhone." Those features automatically sync photos, login credentials, and an iOS device's location, respectively, making them some of the most sensitive iCloud settings. Any information leaving your device and being stored in the cloud with your permission is a problem, but at least the most vulnerable data was unaffected. Apple will email you if you were affected by this bug, but in the meantime, it doesn't hurt to double check the settings just in case.

This thread is closed for comments
1 comment
    Your comment
  • evestigator
    Simon Smith, eVestigator, http://www.simonsmithevestigator.com.au, Cyber Security expert here. As vendors close in to get market share they close in on software and hardware binding equally. This is something to look out for. Adding more fuel to the fire, Apple Macbook Air’s I happen to know for a fact (and I’m sure most of their product line) rely on the WiFi chip for authentication of a device ID to allow OS upgrades. If your WiFi busts, don’t think you can pull out the old WiFi dongle. You are stuck on that version of Mac forever. The hardware and software combination that Apple like to use is becoming extremely dangerous. One chip failure can render an entire computer useless. From my own personal experience, as this machine was out of warranty, Apple would only replace at a cost the entire Motherboard for a $3 chip. So beware, there is another technicality to add to the puzzle. Lucky this time, it was fixable by software, next time – maybe not so lucky.