Upgrading iOSes can be a minor pain, and it’s easy to ignore the dialogue boxes encouraging you to do so, especially when the biggest feature Apple is touting for its latest upgrade is Night Shift, which, uh, changes the color of your screen depending on the time of day. But Apple is also patching two major security flaws for this version, which is more than reason enough to find your USB cord and tear yourself away from the phone for the time it’ll take to upgrade.
The first is a problem with iMessage encryption. While the text you send over iMessage is as secure as it’s always been, a recently discovered security bug would allow hackers to potentially decrypt photos and videos sent over the service. (And, let’s be honest: For most of us, we’re a lot more concerned about the photos and videos we send than the text. It’s hard to take a nude ASCII selfie.)
From the Washington Post:
To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.
Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.
As bad as that sounds — in particular given the recent debate about encryption and law enforcement — the second bug is much scarier. It’s a vulnerability that allows an intruder to execute code remotely via a Wi-Fi driver, allowing an attacker to “use specially crafted wireless control message packets to corrupt kernel memory in a way that leads to remote code execution in the context of the kernel.”
In case, for some reason, that quote doesn’t make perfect sense to you, it means that if you’re connected to Wi-Fi — even private Wi-Fi, even with a VPN — you’re vulnerable to an attack that would allow a hacker connected to the same Wi-Fi network to execute code at the device’s most foundational level. Scarily, this bug has been known since at least February 1, when it was patched for Android.
Not good! Update your phone: It’s easy. From the phone, go to Settings; then General; then Software Update; and tap Download and Install. Do it now; don’t wait for tonight. Within an hour you’ll be able to get back to sending nude photos over Wi-Fi without needing to worry.