
The brick doesn’t fall far from the Apple tree

Apple has released a series of security updates for tvOS, iOS, watchOS, OS X, Safari and iTunes. Some iPad Pro users are saying that iOS version 9.3.2 has “bricked” their devices.

A wide range of security vulnerabilities has been patched in this round of updates, including:

  • Ordinary apps acquiring admin powers. This allows a user-level program to sidestep the “Type your password to allow this” security pop-up and secretly elevate its own privilege.

  • Stopping crooks bypassing address randomisation, by not allowing apps to work out exact memory locations used by the kernel. This can help make it harder to guess how to hack into the system.

  • Stopping regular apps from reading kernel memory. This shouldn't happen because the kernel holds privileged data that normal users aren't supposed to see.

  • Stopping content booby-trapped in a webpage from running program code without any warnings. Remote code execution flaws like this are often used in drive-by malware installs, and can be combined with an elevation of privilege attack to take over the whole computer in one go.

Bricked iPhones

The most common reason this happens during a software update is the OTA (Over The Air) process that Apple uses to update the iOS system onboard the device.

When an update is done this way, and not by connecting the device to iTunes, iOS only has to download the new bits of the system during an update. This results in downloads that are a fraction of the size. iOS 9.3.2 is 2.08GB in total; using OTA, the device has to download a file a 10th of the size if you're upgrading from 9.3.1.

Unfortunately, some iPad Pro users claim to be experiencing updating errors, even after using iTunes to carry out the failed update. This would mean that the update process failed to meld together elements of the new and old OS.

The term “bricked” implies that the phone is worth as much as a brick because it isn't working.
