Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
HomePod Update
- Thread starter ericgtr12
- Start date
- Sort by reaction score
iOS 11.2.5 wasn't just an update to allow HomePod functionality, it also included the ability for Siri to read the news (US, UK and Australia only). The update also included bug fixes, improvements and security patches. The update hasn't been forced to install on anyones device that I know of, they may get the occasional prompt but they can deal with that.
https://support.apple.com/kb/HT201222
If you want to read more about the security fixes I have posted them below this;
iOS 11.2.5
Released January 23, 2018
Audio
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University
Core Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team
CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: Stefan Esser of Antid0te UG
Entry updated January 26, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4082: Russ Cox of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero
LinkPresentation
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)
QuartzCore
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4089: Ivan Fratric of Google Project Zero
CVE-2018-4096: found by OSS-Fuzz
https://support.apple.com/kb/HT201222
If you want to read more about the security fixes I have posted them below this;
iOS 11.2.5
Released January 23, 2018
Audio
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University
Core Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team
CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through improved memory handling.
CVE-2018-4090: Jann Horn of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed through improved locking.
CVE-2018-4092: Stefan Esser of Antid0te UG
Entry updated January 26, 2018
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2018-4082: Russ Cox of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4093: Jann Horn of Google Project Zero
LinkPresentation
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2018-4100: Abraham Masri (@cheesecakeufo)
QuartzCore
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.
CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A certificate may have name constraints applied incorrectly
Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.
CVE-2018-4086: Ian Haken of Netflix
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2018-4088: Jeonghoon Shin of Theori
CVE-2018-4089: Ivan Fratric of Google Project Zero
CVE-2018-4096: found by OSS-Fuzz
Would like an explanation on the "forced" statement?
Please think twice before making threads.
Will do, as soon as Apple thinks twice about making me take an update for a product I will never purchase.
As you can see by the comments in this very thread, along with countless other information on other websites, including Apple’s, you’re 100% wrong in your thinking.
Okay, I suppose if I don't want any patches at all I can opt out and not run their update. Otherwise, I must take it. Same goes for any other piece of hardware that Apple releases that isn't the iPhone itself. I get they want to release/patch these things but we should have the ability to opt-in/out if we don't use them.
Wow just wow. Ive read some doozies on here but this one has to be at the top.
Nobody forced you to update a darn thing.
Nobody forced you to update a darn thing.
I literally wrote this post and deleted it 10 times as I couldn't find the right words to put in here to describe how epically numpty-esque this is.
Hahaha, well done.
Is it literally just bothering you that the release notes mention HomePod support? Do you get worked up when they mention things like new languages for Siri, or a patch for a bug that doesn't affect your iPhone model as well?
Just because it’s there doesn’t mean you need to use it. It’ll sit dormant, you’re never use it, and really you’ll forget it’s there in a week. Of course when HomePod launches next week you’ll get triggered again for remembering that your phone is capible of connecting to a HomePod.
Seriously though, it’s easier to build one OS with all the features, then trying to make them “optional downloads” the way Windows handles drivers. You’re litersllly asking to turn iOS into Windows the way you have to manage drivers.
Are you seriously arguing that Apple made a "HomePod Update" simply because HomePod is part of it? It isn't even a major part of it, in my opinion.
Hope the OP owns an Apple Watch are they have been mercilessly suffering for a few years now.
