Skip to main content

iOS 10.3.1 Fixes WiFi Vulnerability, iCloud Settings Bug

Apple released iOS 10.3.1 on April 3 to address a vulnerability involving the Wi-Fi chip on recent iPhone, iPad, and iPod Touch models. The update also fixed a bug that re-enabled some iCloud settings and features that were previously disabled without informing users of the change.

The company said on a support page that an "attacker within range may be able to execute arbitrary code on the Wi-Fi chip" of recent iOS devices via stack buffer overflow. This problem was resolved via "improved input authentication" that should prevent attackers from taking advantage of this vulnerability. That's good news if you like to use your iPad in a coffee shop, for example, or don't turn off your iPhone's Wi-Fi when you leave home. Both scenarios would leave you exposed to attacks that rely on your iOS device searching for a Wi-Fi network to which it might be able to connect.

Vulnerabilities like that are why experts recommend using the latest versions of whatever operating system you rely on. Other things help--being cautious with links, avoiding questionable apps, and so on--but installing updates is the easiest way to bolster your device's security. Problems arise when those updates change important settings, like those affecting data privacy, without any warning. That appeared to happen with iOS 10.3.1 when users reported that certain iCloud settings (backups, sync agenda, and the like) that were previously disabled had been quietly re-enabled.

There was no message informing users of this change. You would've had to scroll through your settings, notice something had changed, and wonder how it might have happened to connect the dots between updating iOS and having iCloud behave differently. It turns out that some of those dots weren't properly connected--Apple said in a statement to Tom's Hardware that this problem actually affected iOS 10.3 and was fixed in iOS 10.3.1:

We've identified an issue in the recent iOS 10.3 software update that impacted a small number of iCloud users. This bug may have inadvertently reenabled some iCloud services that users had previously disabled. We're sending an email to all affected customers to make them aware of the issue. We recommend that users who have upgraded to iOS 10.3 check their iCloud settings to manage the services they want to use or contact AppleCare with any questions. This bug has also been fixed in the new 10.3.1 release.

Apple's spokesperson also said that "it’s worth noting that this did not impact iCloud Photo Library, iCloud Keychain or Find My iPhone." Those features automatically sync photos, login credentials, and an iOS device's location, respectively, making them some of the most sensitive iCloud settings. Any information leaving your device and being stored in the cloud with your permission is a problem, but at least the most vulnerable data was unaffected. Apple will email you if you were affected by this bug, but in the meantime, it doesn't hurt to double check the settings just in case.