Will iOS 10, “the biggest release of iOS ever,” brick your device?

As announced earlier this month, Apple just released iOS 10, which it claims is “the biggest release of iOS ever.”

We assume that’s meant to mean biggest as in best and coolest, rather than biggest as in most enormous in size, not least because we seem to recall even bigger update sizes in the past.

Not that today’s update was tiny, requiring a substantial download of 1.2GB.

Fortunately, everything went smoothly here.

Once the download had finished, we left the processing of the update to itself and came back to a rebooted iPhone that worked just fine straight away.

The only cosmetic change that we’ve noticed so far that is that the long-established “Slide to unlock” bar across the bottom of the lock screen is gone.

Now, you press the Home button instead, which somehow seems more consistent with the rest of the iOS user interface, and it’s a change we like, even though our muscle memory will take time to adapt.

You can also see the bottom of your lockscreen picture clearly now.

As it happens, however, we seem to have had a better experience than many early adopters, many of whom quickly reported “bricked” devices.

The word “bricked” sounds like a bit of an overstatement here, because it seems that a failed update started via Wi-Fi can be fixed by firing up iTunes on your computer, plugging in your iDevice and finishing off the the update over USB.

That’s annoying, to be sure, and inconvenient compared to a simple Over The Air (OTA) update, but it’s not consistent with calling a device “bricked,” a term that’s usually reserved for a update that went so wrong that it left your device unable even to boot up in “wipe me completely and start over again” mode.

In other words, a truly bricked phone is about as much use as a brick. (This metaphor made more sense when phones were similar in both size and shape to a brick, but it’s stuck anyway.)

Apple has officially said:

We experienced a brief issue with the software update process, affecting a small number of users during the first hour of availability. The problem was quickly resolved and we apologize to those customers. Anyone who was affected should connect to iTunes to complete the update or contact AppleCare for help.

Interestingly, the Apple Security Advisory email we received offered us iOS 10, and linked to an official page listing its security content; by the time we actually updated about 90 minutes later, we received iOS 10.0.1.

We assume that 10.0.1 includes a scrambled fix that “quickly resolved” the initial problem, as mentioned above, but the iOS 10.0.1 version’s own Security Advisory page doesn’t admit or explain anything, saying simply that:

iOS 10.0.1 includes the security content of iOS 10.

As we’ve mentioned before, Apple often plays its security cards so close to its chest that it becomes its own worst enemy.

Why update?

We updated right away because iOS 10, like every Apple update in recent memory, fixes a number of security bugs as well as adding new features and introducing a cleaner-and-leaner-than-ever look.

This time, unlike the recent and urgently-issued iOS 9.3.5 update that fixed a zero-day exploit, none of the updates have to do with remote code execution (RCE) bugs.

RCEs, remember, are exploits that crooks can use to run unauthorised software, without your approval and without going through Apple’s curated App Store, and that could allow malware to be implanted surreptitiously on your device.

The bugs fixed in iOS 10 cover numerous components of the operating system, and almost all of the buggy components were patched because they opened up data leakage holes:

  • GeoServices. An application may be able to read sensitive location information.
  • Keyboards. Auto correct suggestions may reveal sensitive information.
  • Mail. A man-in-the-middle may be able to intercept mail credentials.
  • Messages. Messages may be visible on a device that has not signed in to the app.
  • Printing UIKit. An unencrypted document may be written to a temporary file when using AirPrint preview.
  • Sandbox Profiles. A malicious application may be able to determine whom a user is texting.

We think those are well worth patching against, even if they are a lot less dramatic than the one-click jailbreak zero-day that was fixed in iOS 9.3.5.