Apple releases iOS 11.3.1 alongside security updates for macOS 10.13.4

  News
image_pdfimage_print
Enlarge / The 2018 iPad running iOS 11.3.
Samuel Axon

Today, Apple released small software updates for iPhones, iPads, and Macs: iOS 11.3.1 for the mobile devices, and a security update to the already-released macOS 10.13.4 for Macs.

At just over 49 megabytes, iOS 11.3.1 is a minor update that fixes iPhone 8s for users whose touchscreens were rendered unresponsive by aftermarket replacement displays. iOS 11.3 caused iPhones that had been serviced by outside vendors to have this issue. Users expressed frustration that it seemed Apple was punishing them for not going through the company’s own process for repairs.

The patch notes below include a warning from Apple to steer clear of “non-genuine replacement displays.” Apple’s value proposition has always been around total control of the hardware to ensure a smooth experience. The company used these update notes to stress that yet again, the subtext being that the company can’t be expected to support work done by other entities.

Despite Apple’s longstanding stance that it doesn’t support problems in these cases, the update nevertheless claims to fix the problem. Here are those update notes:

iOS 11.3.1 improves the security of your iPhone or iPad and addresses an issue where touch input was unresponsive on some iPhone 8 devices because they were serviced with non-genuine replacement displays.

Note: Non-genuine replacement displays may have compromised visual quality and may fail to work correctly. Apple-certified screen repairs are performed by trusted experts who use genuine Apple parts. See support.apple.com for more information.

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

The macOS update is designated Security Update 2018-001 for macOS 10.13.4. It adds no new features or functionality; rather, it addresses two notable security vulnerabilities, as outlined in the update notes below:

Crash Reporter

Available for: macOS High Sierra 10.13.4

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved error handling.

CVE-2018-4206: Ian Beer of Google Project Zero

LinkPresentation

Available for: macOS High Sierra 10.13.4

Impact: Processing a maliciously crafted text message may lead to UI spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)

Both updates are available for download now on devices that support iOS 11 and macOS High Sierra.

https://arstechnica.com/?p=1298601