Hi all,
Applying this security update is probably a great idea (thanks Lynn for giving
us this info). I wanted to pass along though, that I had a great deal of
trouble because I setup my Apple ID without turning on “two factor
identification” (or maybe it wasn’t available then. When you install this
update, it comes up with a requirement that you login to Apple ID using two
factor ID, which means you need a “trusted phone” which you can use to receive
your verification code. It wasn’t at all clear if I could use the phone I was
currently trying to update, and I just happened to have entered by home
landline number as a trusted phone number for my Apple ID account.
I don’t even know what to advise others to do before applying this update (if
you were like me and did not have two factor authentication already enabled).
Perhaps it’s best if you go to your Apple account and enter some other phone
number which you can use as a trusted phone before you apply this update.
Hth,
Chip
From: tabi-bounce@xxxxxxxxxxxxx [mailto:tabi-bounce@xxxxxxxxxxxxx] On Behalf Of ;
Lynn Evans
Sent: Tuesday, October 25, 2016 3:40 PM
To: tabi@xxxxxxxxxxxxx
Subject: [tabi] Update iOS 10.1 Security Flaw JPEG Executiable
http://nymag.com/selectall/2016/10/update-ios-10-1-security-flaw-jpeg-executiable.html?utm_source=howtogeek
<http://nymag.com/selectall/2016/10/update-ios-10-1-security-flaw-jpeg-executiable.html?utm_source=howtogeek&utm_medium=email&utm_campaign=newsletter>
&utm_medium=email&utm_campaign=newsletter
Security Warning: Update Your iPhone’s iOS Now. Like, Right Now.
<http://nymag.com/author/Jake%20Swearingen/> Jake Swearingen •October 24, 2016
4:34 p.m.
<http://pixel.nymag.com/imgs/daily/selectall/2016/10/24/24-update-ios-iphone.w710.h473.jpg>
Photo: Apple, Getty Images
Normally with a new iOS update, it’s best to wait a few days and make sure the
kinks have been worked out. But with iOS 10.1, out today, just go ahead and
grab the thing as soon as possible. That’s because security researcher
<https://twitter.com/marcograss> Marco Grassi found
<https://support.apple.com/en-us/HT207271> this security hole:
<http://pixel.nymag.com/imgs/daily/selectall/2016/10/24/securitybug.nocrop.w710.h2147483647.png>
What makes this scary is that someone could use this vulnerability simply by
getting you to view — not download, not install — a JPEG file (which are, of
course, pretty much everywhere on the web).
Per its standard practice, Apple is staying mum on which iOS versions were
affected or how the hack worked in practice, but the bug has been entered into
the <https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4673> Common
Vulnerabilities and Exposures database, so more information should be available
soon. In the meantime, go update your iOS.
As a bonus, if you have an iPhone 7 Plus,
<http://nymag.com/selectall/2016/09/apple-iphone-7-plus-portrait-mode-on-instagram.html>
the update’ll also unlock Portrait mode — which makes it very easy to take
some very nice photos.
Sent from my iPad
