iOS 10.3.1 Provides Important Security Fix
Hot on the heels of the iOS 10.3 update (see “iOS 10.3 Adds New File System, Find My AirPods, and More,” 27 March 2017), Apple has rolled out iOS 10.3.1 with a bare minimum of release notes: “iOS 10.3.1 includes bug fixes and improves the security of your iPhone or iPad.” You can install the roughly 30 MB update via Settings > General > Software Update or through iTunes.
Apple lists only one security fix, but it’s a doozy, and undoubtedly explains why Apple pushed 10.3.1 out so quickly. The update addresses an exploit that could have enabled an attacker within range to execute arbitrary code on the Wi-Fi chip in an iOS device. We hope this bug existed only in iOS 10.3.
If you have already updated to iOS 10.3, we recommend installing 10.3.1 to get this security fix. If you’re still running iOS 10.2.1, stick with it for another week or so to make sure 10.3.1 doesn’t introduce some new problem.
This bug could easily affect versions before iOS 10.3. It was reported to Broadcom in December, therefore was discovered before iOS 10.3's first beta was released. The initial report may have been for Android devices, and it isn't clear when it was discovered to also affect iOS devices. The blog post from Google Project Zero says that the Broadcom chipset in question has been used since the iPhone 4, therefore it might affect versions as far back as iOS 4 on new enough models (iPhone 4 or later, all iPads, recent iPod Touch).
The question is when the "Fast BSS Transition" feature with the bug was implemented on iOS: if Apple didn't implement it until a later iOS version, then earlier versions might be safe.
This needs testing with the demo exploit to confirm which iOS versions are affected.
For now, I'd assume all recent iOS versions are potentially affected, therefore all devices able to update to iOS 10.3.1 should do so, but it isn't urgent yet as the exploit hasn't been available for long.
Devices which can't upgrade to iOS 10 might be vulnerable; if so they are unlikely to get a fix unless Apple decides to do a "late" security update for iOS 9 (an iOS 7 fix for the iPhone 4 is even less likely).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6975
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Thanks for the details, David! Sounds like this will be a real reason to move to 10.3.1 sooner rather than later for those devices that can do it.
Adam et al. -- Did you mean a reason to move from 10.3 to 10.3.1 or to move from 10.2.n up a notch (after a full backup, of course)?
We haven't been hearing of problems with 10.3, so yes, I think it's safe to update now and take advantage of 10.3.1's security fix.