iOS 11 Tips

Top 11 iOS 11 Sесurіtу Bugѕ аnd Fіxеѕ

iOS 11 has been plagued with bugs and vulnerabilities since it launched in September 2017. Apple has said that it is focusing on stability in the next version of iOS - iOS 12, due later in 2018. There are over 100 bug fixes on this update, and it offers further enhancements like the ability to track your earbuds if you lose them and improved typing on Japanese and Chinese keyboard IMEs. Did you know that keeping your iOS device up to date is important for your device's security? Using an iPhone, iPad, or iPod with an outdated operating system can expose your to viruses and hackers. Take a look at the iOS 11 security issues to get a feel for these security improvements. Below are the iOS 11 vulnerability list:

1. Siri Bug

If you have received this error using Siri and cannot get Siri working on your iPhone 4S, you will be glad to know a very quick fix has been discovered.

Siri Notification Bug

How Do I Fix Siri Not Connecting Error?

If you are having troubles getting Siri to work on your iPhone 4S and cannot connect to a network you can follow the steps below to hopefully fix this problem.

Step # 1 – Launch the Settings.app from your SpringBoard and go to the General tab then tap disable Siri.

Step # 2 – Exit the Settings.app by pressing the home button and turn your iPhone 4S off.

Step # 3 – Turn your iPhone 4S back on and re-enable Siri.

After following the steps above to fix the Siri not connecting problem you should notice Siri is once again working. If Siri is still not working you can try the optional step shown below.

Optional Step – Launch the Settings.the app, go to the General tab followed by the Reset tab and tap the Reset Network Settings button.

2. QR Code Bug

A new vulnerability has been disclosed in iOS Camera App that could be exploited to redirect users to a malicious website without their knowledge.

The iOS 11 security vulnerabilities affects Apple's latest iOS 11 mobile operating system for iPhone, iPad, and iPod touch devices and resides in the built-in QR code reader. With iOS 11, Apple introduced a new feature that gives users ability to automatically read QR codes using their iPhone's native camera app without requiring any third-party QR code reader app. QR (Quick Response) code is a quick and convenient way to share information, but the issue becomes particularly more dangerous when users rely on QR codes for making quick payments or opening banking websites, where they might end up giving their login credentials away to phishing websites.

iOS 11 QR Code Bug

It's a handy tool that negates the need for a third-party QR code reader, but it needs work. Researchers at InfoSec have discovered a flaw in the way in which the reader parses URLs that could be exploited to lead users to malicious websites.

By embedding URLs in a certain format, an attacker can trick iOS into showing users one website but then leading them to another. For example, the QR code below will cause iOS to ask you if you want to visit Facebook, but when you open it, it will take you to the InfoSec website instead. Scan this code in iOS 11 to see the flaw for yourself.

3. Meltdown and Spectre Vulnerabilities

The Spectre attacks are extremely difficult to exploit, even if a malicious app is running locally on a macOS or iOS device. However, the attacks can be exploited in JavaScript running in the browser. A successful attack could expose passwords and other secrets. The new update comes with a number of bug fixes and security enhancements, including a fix for the Spectre vulnerability that was revealed earlier this month.

iPhone and iPad users can download iOS 11 to their devices immediately. To install the update, go to the Settings app, then look under the General tab and go to Software Update.

Meltdown and Spectre Vulnerabilities

4. Fixing Spectre

In its release notes for iOS 11 security fixes, Apple specifically mentions the update contains some new additions that are expected to mitigate the effects of Spectre via Safari.

The Spectre bug was discovered in ARM processors late last year but news of it only went public at the beginning of 2018. Even though iOS devices were affected, Apple said there are no known exploits at this time. A similar flaw called Meltdown was also discovered on Intel chips, but Apple has already released a fix for that. iOS 11 is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

5. Safari Vulnerability

Apple has released three new security updates aimed at protecting Safari and WebKit from the Spectre attack. The three updates make changes to iOS, macOS, and Safari itself, but in each case, the stated goal is protecting Safari and the underlying browser engine against attacks exploiting the recently published Spectre vulnerability.

Few further details are available on the updates, although Apple's description indicates the purpose of the updates is to protect against Spectre attacks. The researchers responsible for discovering the iOS privacy bugs.

iOS 11 Safari Vulnerability

This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APP_NAME" is an application downloaded from the internet. Are you sure you want to open it? If the user clicks "Open", the app and its payload are executed. If the user has the "Only allow applications downloaded from Mac App Store and identified developers (on by default on OS 10.8+), the user will see an error dialog containing "can't be opened because it is from an unidentified developer."

To work around this issue, you will need to manually build and sign an OSX app containing your payload with a custom URL handler called "openurl". You can put newlines and unicode in your APP_NAME, although you must be careful not to create a prompt that is too tall, or the user will not be able to click the buttons, and will have to either log out or kill the CoreServicesUIAgent process.

6. Wireless Network Vulnerability

Vulnerability assessments can help you find and fix WLAN weaknesses before attackers take advantage of them. But where do you start? What should you look for? Have you covered all the bases?

Open Wi-Fi networks are bastions for malicious intent. While some people genuinely want to share and others are ignorant as to the possible outcomes or the ability to secure the networks, others blatantly leave the networks open. Again, you have no way to make sure no one can intercept and read and/or modify your data.

If you are connecting to a network that is named after an establishment, you should check to verify they even have a Wi-Fi network before connecting. Many attackers will name their networks after establishments to get people to connect so they can steal their data (see below). The "*" in all the sentences above refers to only connecting to the network and not using any encryption in transit such as a Virtual Private Network (VPN). You should also thoroughly research any VPN Applications or Software you use to ensure that it is legitimate and that the provider is committed to keeping you safe.

If iPhones use Wi-Fi networks to connect to enterprise resources, encryption and authentication can help reduce iPhone security issues. Use Wi-Fi Protected Access 2 (WPA2) Enterprise, a protocol that features 128-bit encryption and 802.1x authentication. WPA2 Enterprise is native to iOS, but it requires a Remote Authentication Dial-In User Service server to handle authentication.

iOS 11 Wireless Network Vulnerability

7. HomeKit Bug

iOS 11 came with a security hole in Apple's HomeKit app. The vulnerability could allow hackers to gain control of the IoT devices connected to the application. Due to the error, cybercriminals were allowed to unlock the doors, use smart lights and other iOS devices connected to the HomeKit app. Apple soon afterward fixed the error with iOS 11.

iOS 11 HomeKit Bug

8. Bluetooth and Wi-Fi Confusion

iOS 11 brought an updated Control Center, but also made it more difficult to disable Wi-Fi and Bluetooth connections. When the Wi-Fi and Bluetooth options are disabled via the Control Center, the functions are not completely closed. Instead, the iPhone or iPad breaks the user's devices and networks, but the radios stay on. The change is not a bug, but rather is a different design under iOS 11, resulting in confusing users. To completely disable Bluetooth users, go to Settings > Bluetooth > Off. For Wi-Fi, users can go to Settings > Wi-Fi.

iOS 11 Bluetooth and  Wifi Confusion

9. Creaking Earphone

iOS 11 has also caused a crack in phone calls or FaceTime. iPhone users have been forced to use headphones or the speakerphone option to avoid pests. Apple released a bug fix in October and said the problem was affecting a small number of users. Users around the world know the problems between different providers.

iOS 11 creaking earphone

10. GPS Problem

Some iPhone 8 and iPhone X users have complained of a problem with the GPS system on their device. Users said that the GPS on iOS 11 was wrong and that the problem could not be solved in the Apple Store. The problem persisted even when we gave them a replacement iPhone. Some users have seen the bug disappear in the iOS 11.2 beta, but the official update did not solve the problem.

iOS 11 GPS problem

11. Empty Battery

The iOS features 11 may be too much for older iPhones that do not have the latest Bionic A11 chip that is available on iPhone and iPhone 8 X. New features such as augmented reality support, so users on their battery can see the devices drain faster. Here are some tips to work around the problem.

iOS 11 Battery Drain Bug

Bonus Tip: How to Keep Your iPhone in Better Performance?

How to improve your iPhone in better performance? As a matter of fact, you might as well using Tenorshare iCareFone Cleaner. Now it's a freeware to clean up junk files in Apple smartphone and also accelerate iOS running speed.

icarefone cleaner

Summary

The iPhone is also susceptible to remote code injection attacks and to hackers intercepting wireless signals. In addition, careless practices by end users, such as syncing data to an unsecured computer or cloud service, can result in unauthorized access to enterprise resources. Viruses, worms and Trojan horses can also access secure resources for the purposes of disrupting services, causing damage or extracting confidential information. For the most part, the iPhone malware hasn't been an issue because Apple tightly controls the applications allowed to run on iOS. But many security experts think it's just a matter of time before renegade coders develop malware capable of infiltrating iOS. Users who have jailbroken their phones are already susceptible.

Given the rapidly growing number of enterprise iPhones, IT has no choice but to confront these security challenges head-on. Wi-Fi security measures, virtual private networks (VPNs) and Exchange ActiveSync are just some of the tools and strategies that can help abate the security risks that come with iPhones.

/ Posted by Jenefey Aaron to iOS 11 Follow @Jenefey Aaron