iOS 11.3 release notes

0
148

On Thursday, March 29, 2018, Apple released the iOS 11.3 software update for iPhone, iPad and iPod touch with battery health assessment in Settings, the ability to disable Apple’s controversial CPU throttling at will and other new features.

You can download iOS 11.3 directly from our Downloads section.

The iOS 11.3 software is compatible with any iPhone model from iPhone 5s onward, as well as with iPad Air or later and the sixth-generation iPod touch.

To update your device to the latest available version of iOS, go to Settings → General → Software Update and follow the onscreen instructions. To deploy the update using your computer, connect an iOS device to a Mac or Windows PC, select it in iTunes, then select the Summary tab and click the Check for Update button.

Subscribe to iDownloadBlog on YouTube

The new battery health and performance management features are iPhone-only and available in Settings → Battery → Battery Health (Beta).

Off by default, performance smoothing kicks in once your iPhone starts experiencing unexpected shutdowns due to an excessive draw on its worn-out battery. You can turn this off by tapping a tiny Disable button to keep your iPhone operating at full speed, but at the risk of unexpectedly shutting down and reducing your battery lifespan.

Apple outlined how this works in a support document on its website:

Users can see if the performance management feature that dynamically manages maximum performance to prevent unexpected shutdowns is on and can choose to turn it off.

This feature is enabled only after an unexpected shutdown first occurs on a device with a battery that has diminished ability to deliver maximum instantaneous power. This feature applies to iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE, iPhone 7, and iPhone 7 Plus.

Aside from battery health assessment on iPhone, iOS 11.3 also includes a new iPad charge management feature designed to prolong battery health on Apple tablets that are connected to power for long periods of time.

Here’s everything new, fixed and improved in the iOS 11.3 software:

iOS 11.3 release notes

iOS 11.3 introduces new features including ARKit 1.5 with support for more immersive augmented reality experiences, iPhone Battery Health (Beta), new Animoji for iPhone X users and more. This update also includes stability improvements and bug fixes.

Augmented Reality

  • ARKit 1.5 allows developers to place digital objects on vertical surfaces like walls and doors in addition to horizontal surfaces
  • Adds support for detecting and incorporating images like movie posters or artwork into augmented reality experiences
  • Supports a higher resolution real world camera view when using augmented reality experiences

iPhone Battery Health (Beta)

  • Displays information on iPhone maximum battery capacity and peak performance capability
  • Indicates if the performance management feature that dynamically manages maximum performance to prevent unexpected shutdowns is on and includes the option to disable it
  • Recommends if a battery needs to be replaced

iPad charge management

  • Maintains battery health when iPad is connected to power for prolonged periods of time, such as when it is used in kiosks, point of sale systems or stored in charging carts

Animoji

  • Introduces four new Animoji on iPhone X: lion, bear, dragon and skull

Privacy

  • When an Apple feature asks to use your personal information, an icon now appears along with a link to detailed information explaining how your data will be used and protected

Business Chat (Beta)—US only

  • Communicate with companies to easily ask questions, schedule appointments and make purchases inside the built-in Messages app on iPhone and iPad

Health Records (Beta)—US only

  • Access health records and view lab results, immunizations and more in a consolidated timeline in the Health app

Apple Music

  • Features a new music video experience, including an updated Music Videos section with exclusive video playlists
  • Find friends that have similar tastes using updated suggestions in Apple Music that reveal genres people enjoy and mutual friends that follow them

News

  • Top Stories now always appear first in For You
  • Watch Top Videos curated by News editors

App Store

  • Adds ability to sort customer reviews on product pages by Most Helpful, Most Favorable, Most Critical or Most Recent
  • Improves Updates tab information with app version and file size

Safari

  • Helps protect privacy by only AutoFilling usernames and passwords after selecting them in a web form field
  • Includes warnings in the Smart Search Field when interacting with password or credit card forms on non-encrypted web pages
  • AutoFill for usernames and passwords is now available in web views within apps
  • Articles shared to Mail from Safari are now formatted using Reader mode by default when Reader is available
  • Folders in Favorites now show icons for the bookmarks contained within

Keyboards

  • Adds two new Shuangpin keyboard layouts
  • Adds support for connected hardware keyboards using the Turkish F keyboard layout
  • Improves Chinese and Japanese keyboards for better reachability on on 4.7-inch and 5.5-inch devices
  • Enables switching back to the keyboard after dictation with just one tap
  • Addresses an issue where auto-correct could incorrectly capitalize some words
  • Fixes an issue on iPad Pro that prevented the iPad Smart Keyboard from working after connecting to a captive Wi-Fi access point
  • Fixes an issue that could cause the Thai keyboard to incorrectly switch to the numeric layout when in landscape mode

Accessibility

  • App Store adds accessibility support for bold and large text for display customization
  • Smart Invert adds support for images on the web and in Mail messages
  • Improves RTT experience and adds RTT support for T-Mobile
  • Improves app switching on iPad for VoiceOver and Switch Control users
  • Addresses an issue where VoiceOver incorrectly described Bluetooth status and badge icons
  • Fixes an issue where end call button might not be presented in the Phone app when using VoiceOver
  • Fixes an issue where in-app app rating was not accessible with VoiceOver
  • Resolves an issue when using Live Listen that could distort audio playback

Other improvements and fixes

  • Introduces support for the AML standard which provides more accurate location data to emergency responders when SOS is triggered (in supported countries)
  • Adds support for software authentication as a new way for developers to create and enable HomeKit compatible accessories
  • Podcasts now plays episodes with a single tap and you can tap Details to learn more about each episode
  • Improves search performance for users with long notes in Contacts
  • Improves performance of Handoff and Universal Clipboard when both devices are on the same Wi-Fi network
  • Fixes an issue that could prevent incoming calls from waking the display
  • Addresses an issue that could delay or prevent playback of Visual Voicemail
  • Resolves an issue that prevented opening a web link in Messages
  • Fixes an issue that could prevent users from returning to Mail after previewing a message attachment
  • Fixes an issue that could cause Mail notifications to reappear on the Lock screen after they had been cleared
  • Resolves an issue that could cause time and notifications to disappear from the Lock Screen
  • Resolves an issue that prevented parents from using Face ID to approve Ask to Buy requests
  • Fixes an issue in Weather where current weather conditions may not have been updated
  • Fixes an issue where contacts may not sync with a car’s phone book when connected over Bluetooth
  • Addresses an issue that could prevent audio apps from playing in cars when the app was in the background

iOS 11.3 security fixes

iOS 11.3 also fixes the following vulnerabilities:

Clock

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes
  • Description: An information disclosure issue existed in the handling of alarms and timers. This issue was addressed through improved access restrictions.
  • CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer)

CoreFoundation

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4155: Samuel Groß (@5aelo)
  • CVE-2018-4158: Samuel Groß (@5aelo)

CoreText

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Processing a maliciously crafted string may lead to a denial of service
  • Description: A denial of service issue was addressed through improved memory handling.
  • CVE-2018-4142: Robin Leroy of Google Switzerland GmbH

File System Events

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4167: Samuel Groß (@5aelo)

Files Widget

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: File Widget may display contents on a locked device
  • Description: The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.
  • CVE-2018-4168: Brandon Moore

Find My iPhone

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password
  • Description: A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.
  • CVE-2018-4172: Viljami Vastamäki

iCloud Drive

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4151: Samuel Groß (@5aelo)

Kernel

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious application may be able to execute arbitrary code with kernel privileges
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2018-4150: an anonymous researcher

Kernel

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2018-4104: The UK’s National Cyber Security Centre (NCSC)

Kernel

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2018-4143: derrek (@derrekr6)

Mail

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail
  • Description: An inconsistent user interface issue was addressed with improved state management.
  • CVE-2018-4174: an anonymous researcher, an anonymous researcher

NSURLSession

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4166: Samuel Groß (@5aelo)

PluginKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4156: Samuel Groß (@5aelo)

Quick Look

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4157: Samuel Groß (@5aelo)

Safari

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing
  • Description: An inconsistent user interface issue was addressed with improved state management.
  • CVE-2018-4134: xisigr of Tencent’s Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department

Safari Login AutoFill

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction.
  • Description: Safari autofill did not require explicit user interaction before taking place. The issue was addressed through improved autofill heuristics.
  • CVE-2018-4137

SafariViewController

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Visiting a malicious website may lead to user interface spoofing
  • Description: A state management issue was addressed by disabling text input until the destination page loads.
  • CVE-2018-4149: Abhinash Jain (@abhinashjain)

Security

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious application may be able to elevate privileges
  • Description: A buffer overflow was addressed with improved size validation.
  • CVE-2018-4144: Abraham Masri (@cheesecakeufo)

Storage

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An application may be able to gain elevated privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2018-4154: Samuel Groß (@5aelo)

System Preferences

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A configuration profile may incorrectly remain in effect after removal
  • Description: An issue existed in CFPreferences. This issue was addressed through improved preferences cleanup.
  • CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera

Telephony

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A remote attacker can cause a device to unexpectedly restart
  • Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed through improved message validation.
  • CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV

Web App

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Cookies may unexpectedly persist in web app
  • Description: A cookie management issue was addressed through improved state management.
  • CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2018-4101: Yuan Deng of Ant-financial Light-Year Security Lab
  • CVE-2018-4114: found by OSS-Fuzz
  • CVE-2018-4118: Jun Kokatsu (@shhnjk)
  • CVE-2018-4119: an anonymous researcher working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4120: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team
  • CVE-2018-4121: Natalie Silvanovich of Google Project Zero
  • CVE-2018-4122: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4125: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4127: an anonymous researcher working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4128: Zach Markley
  • CVE-2018-4129: likemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4130: Omair working with Trend Micro’s Zero Day Initiative
  • CVE-2018-4161: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4162: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4163: WanderingGlitch of Trend Micro’s Zero Day Initiative
  • CVE-2018-4165: Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Unexpected interaction with indexing types causing an ASSERT failure
  • Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks
  • CVE-2018-4113: found by OSS-Fuzz

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: Processing maliciously crafted web content may lead to a denial of service
  • Description: A memory corruption issue was addressed through improved input validation
  • CVE-2018-4146: found by OSS-Fuzz

WebKit

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: A malicious website may exfiltrate data cross-origin
  • Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.
  • CVE-2018-4117: an anonymous researcher, an anonymous researcher

WindowServer

  • Available for: iPhone 5s and later, iPad Air and later and sixth-generation iPod touch
  • Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled
  • Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. This issue was addressed by improved state management.
  • CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH

For further information on the security content of iOS 11.3, read Apple’s support document.

Keep in mind that some features may not be available for all countries or all areas. For more information on that, visit Apple’s iOS Feature Availability webpage.

LEAVE A REPLY

Please enter your comment!
Please enter your name here