Apple has released a new version of iOS that includes a patch for a critical security vulnerability that could lead to arbitrary code execution.
The release of iOS 9.3.4 comes as Apple is already testing beta versions of iOS 10. The new version isn’t heavy on new features or functionality, but it’s an important update for security reasons. There’s only one vulnerability fixed in 9.3.4, but it’s a critical memory corruption bug that was discovered by Team Pangu, a group known for producing jailbreak tools for iOS.
“An application may be able to execute arbitrary code with kernel privileges,” the Apple security bulletin says.
Apple released the bulletin on the same day that Ivan Krstic, head of the company’s security engineering and architecture team, spoke at the Black Hat conference here on the security controls added to iOS 10. Krstic discussed the technical details of HomeKit, Auto Unlock and the iCloud keychain, as well as the Secure Enclave Processor.
The SEP is a separate processor in newer iPhones that handles many of the most sensitive security operations in iOS. Apple in the past has said little about the way the SEP operates or what its architecture is, but in addition to Krstic’s talk Thursday, a trio of researchers gave a presentation on the SEP and its inner workings and how it handles sensitive operations.