AppleがiPhoneなど向けiOS 11.2.5をリリース!

Appleは23日(現地時間)、iPhoneやiPadなど向けプラットフォーム「iOS」の最新バージョン「iOS 11.2.5」を提供開始したとお知らせしています。


なお、手元のiPhone Xなどでは各仮想移動体通信事業者(MVNO)でも「mineo」のAプラン(VoLTE対応)などのau回線を用いたサービスも含めて引き続き利用できていますが、どうしても心配な人は公式の動作確認を待ってみてください。

iPhoneやiPadなど向けの最新プラットフォームであるiOS 11は、正式版が日本時間9月20日にリリースされ、その後、次世代モデル「iPhone X」の発売に合わせて「iOS 11.1」が提供、さらに12月2日に「iOS 11.2」が提供されてさらにその修正版「iOS 11.2.1」や「iOS 11.2.2」が配信されていましたが、今回、珍しくバージョン番号を11.2.3や11.2.4を飛ばしてHomePod対応などを行うiOS 11.2.5が配信開始されました。

今回配信開始されたiOS 11.2.5の対象機種は、iOS 11の対象機種であるiPhone 5s以降およびiPad 5・iPad Air・iPad mini 2・iPad Pro以降、iPod touch(第6世代)も含めた合計20機種となっており、それぞれ無料でダウンロードしてアップデートすることが可能です。


なお、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 7 Plusで164.9MBとファイルサイズはそれほど大きくはありませんが、携帯電話ネットワークのデータ通信量(GB)を減らしたくない場合にはWi-Fiなどを利用しましょう。Appleが案内しているアップデートの内容は以下の通り。

iOS 11.2.5にはHomePodのサポートが含まれ、Siriにニュースの読み上げ機能が追加されました(アメリカ、イギリス、オーストラリアのみ)。このアップデートには、バグの修正および改善も含まれます。


 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
 Description: A memory corruption issue was addressed through improved input validation.
 CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University

Core Bluetooth
 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: An application may be able to execute arbitrary code with system privileges
 Description: A memory corruption issue was addressed with improved memory handling.
 CVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team
 CVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: An application may be able to read restricted memory
 Description: A memory initialization issue was addressed through improved memory handling.
 CVE-2018-4090: Jann Horn of Google Project Zero

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: An application may be able to read restricted memory
 Description: A race condition was addressed through improved locking.
 CVE-2018-4092: an anonymous researcher

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: A malicious application may be able to execute arbitrary code with kernel privileges
 Description: A memory corruption issue was addressed through improved input validation.
 CVE-2018-4082: Russ Cox of Google

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: An application may be able to read restricted memory
 Description: A validation issue was addressed with improved input sanitization.
 CVE-2018-4093: Jann Horn of Google Project Zero

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: Processing a maliciously crafted text message may lead to application denial of service
 Description: A resource exhaustion issue was addressed through improved input validation.
 CVE-2018-4100: Abraham Masri (@cheesecakeufo)

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: Processing maliciously crafted web content may lead to arbitrary code execution
 Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation.
 CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: A certificate may have name constraints applied incorrectly
 Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates.
 CVE-2018-4086: Ian Haken of Netflix

 Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
 Impact: Processing maliciously crafted web content may lead to arbitrary code execution
 Description: Multiple memory corruption issues were addressed with improved memory handling.
 CVE-2018-4088: Jeonghoon Shin of Theori
 CVE-2018-4089: Ivan Fratric of Google Project Zero
 CVE-2018-4096: found by OSS-Fuzz


・エスマックス(S-MAX) smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 11 関連記事一覧 - S-MAX
・About the security content of iOS 11.2.5 - Apple Support