Earlier iPad models and Chinese versions (click on your model to download) iOS 10.2:

What's New in iOS 10.3.2:

Find My iPhone

  • View the current or last known location of your AirPods
  • Play a sound on one or both AirPods to help you find them

Siri

  • Support for paying and checking status of bills with payment apps
  • Support for scheduling with ride booking apps
  • Support for checking car fuel level, lock status, turning on lights and activating horn with automaker apps
  • Cricket sports scores and statistics for Indian Premier League and International Cricket Council

CarPlay

  • Shortcuts in the status bar for easy access to last used apps
  • Apple Music Now Playing screen gives access to Up Next and the currently playing song’s album
  • Daily curated playlists and new music categories in Apple Music

Other improvements and fixes

  • Rent once and watch your iTunes movies across your devices
  • New Settings unified view for your Apple ID account information, settings and devices
  • Hourly weather in Maps using 3D Touch on the displayed current temperature
  • Support for searching “parked car" in Maps
  • Calendar adds the ability to delete an unwanted invite and report it as junk
  • Home app support to trigger scenes using accessories with switches and buttons
  • Home app support for accessory battery level status
  • Podcasts support for 3D Touch and Today widget to access recently updated shows
  • Podcast shows or episodes are shareable to Messages with full playback support
  • Fixes an issue that could prevent Maps from displaying your current location after resetting Location & Privacy
  • VoiceOver stability improvements for Phone, Safari and Mail

Security improvements:

AVEVideoEncoder

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to gain kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

CoreAudio

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

iBooks

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted book may open arbitrary websites without user permission
  • Description: A URL handling issue was addressed through improved state management.
  • CVE-2017-2497: Jun Kokatsu (@shhnjk)

iBooks

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with root privileges
  • Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
  • CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

IOSurface

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to gain kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A race condition was addressed through improved locking.
  • CVE-2017-2501: Ian Beer of Google Project Zero

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2017-2507: Ian Beer of Google Project Zero
  • CVE-2017-6987: Patrick Wardle of Synack

Notifications

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to cause a denial of service
  • Description: A denial of service issue was addressed through improved memory handling.
  • CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), and Joseph Shenton of CoffeeBreakers

Safari

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Visiting a maliciously crafted webpage may lead to an application denial of service
  • Description: An issue in Safari's history menu was addressed through improved memory handling.
  • CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

Security

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Update to the certificate trust policy
  • Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.
  • CVE-2017-2498: Andrew Jerman

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted SQL query may lead to arbitrary code execution
  • Description: A use after free issue was addressed through improved memory management.
  • CVE-2017-2513: found by OSS-Fuzz

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted SQL query may lead to arbitrary code execution
  • Description: A buffer overflow issue was addressed through improved memory handling.
  • CVE-2017-2518: found by OSS-Fuzz
  • CVE-2017-2520: found by OSS-Fuzz

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A maliciously crafted SQL query may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-2519: found by OSS-Fuzz

SQLite

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved input validation.
  • CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
  • CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

TextInput

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Parsing maliciously crafted data may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-2524: Ian Beer of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2017-2496: Apple
  • CVE-2017-2505: lokihardt of Google Project Zero
  • CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
  • CVE-2017-2514: lokihardt of Google Project Zero
  • CVE-2017-2515: lokihardt of Google Project Zero
  • CVE-2017-2521: lokihardt of Google Project Zero
  • CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
  • CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
  • CVE-2017-2530: an anonymous researcher
  • CVE-2017-2531: lokihardt of Google Project Zero
  • CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
  • CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
  • CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
  • CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative
  • CVE-2017-6980: lokihardt of Google Project Zero
  • CVE-2017-6984: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.
  • CVE-2017-2504: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.
  • CVE-2017-2508: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.
  • CVE-2017-2510: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.
  • CVE-2017-2528: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues with addressed through improved memory handling.
  • CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in frame loading. This issue was addressed with improved state management.
  • CVE-2017-2549: lokihardt of Google Project Zero

WebKit Web Inspector

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute unsigned code
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-2499: George Dan (@theninjaprawn)

Previous versions:

Apple iPad iOS 10.3.1 Firmware Update

Apple iPad iOS 10.2.1 Firmware Update 2017-03-28

Apple iPad iOS 10.2 Firmware Update 2016-12-13

Previous version iOS 10.1.1 2016-11-01:

Previous version iOS 10.1 2016-10-25:

Previous version iOS 10.0.2 2016-09-23:

Previous version iOS 10.0.1 2016-09-14:

Previous version iOS 9.3.5 2016-08-25:

Previous version iOS 9.3.4 2016-08-05:

Previous version iOS 9.3.3 2016-07-20:

Previous version iOS 9.3.2 2016-05-17:

Previous version iOS 9.3.1 2016-04-01:

Previous version iOS 9.3:

Previous version iOS 9.2.1: