Earlier iPad models and Chinese versions (click on your model to download) iOS 10.2:

What's New in iOS 10.3.3:

Contacts

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
  • Description: A buffer overflow issue was addressed through improved memory handling.
  • CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved bounds checking.
  • CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team

EventKitUI

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A remote attacker may cause an unexpected application termination
  • Description: A resource exhaustion issue was addressed through improved input validation.
  • CVE-2017-7007: José Antonio Esteban (@Erratum_) of Sapsi Consultores

IOUSBFamily

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with system privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-7022: an anonymous researcher
  • CVE-2017-7024: an anonymous researcher
  • CVE-2017-7026: an anonymous researcher

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-7023: an anonymous researcher
  • CVE-2017-7025: an anonymous researcher
  • CVE-2017-7027: an anonymous researcher
  • CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to read restricted memory
  • Description: A validation issue was addressed with improved input sanitization.
  • CVE-2017-7028: an anonymous researcher
  • CVE-2017-7029: an anonymous researcher

libarchive

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
  • Description: A buffer overflow was addressed through improved bounds checking.
  • CVE-2017-7068: found by OSS-Fuzz

libxml2

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
  • Description: An out-of-bounds read was addressed through improved bounds checking.
  • CVE-2017-7010: Apple
  • CVE-2017-7013: found by OSS-Fuzz

libxpc

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with system privileges
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-7047: Ian Beer of Google Project Zero

Messages

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A remote attacker may cause an unexpected application termination
  • Description: A memory consumption issue was addressed through improved memory handling.
  • CVE-2017-7063: Shashank (@cyberboyIndia)

Notifications

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Notifications may appear on the lock screen when disabled
  • Description: A lock screen issue was addressed with improved state management.
  • CVE-2017-7058: an anonymous researcher

Safari

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Visiting a malicious website may lead to address bar spoofing
  • Description: An inconsistent user interface issue was addressed with improved state management.
  • CVE-2017-2517: xisigr of Tencent's Xuanwu Lab (tencent.com)

Safari Printing

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs
  • Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs.
  • CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana

Telephony

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An attacker in a privileged network position may be able to execute arbitrary code
  • Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-8248

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: A malicious website may exfiltrate data cross-origin
  • Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.
  • CVE-2017-7006: an anonymous researcher, David Kohlbrenner of UC San Diego

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Visiting a malicious website may lead to address bar spoofing
  • Description: A state management issue was addressed with improved frame handling.
  • CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2017-7018: lokihardt of Google Project Zero
  • CVE-2017-7020: likemeng of Baidu Security Lab
  • CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
  • CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
  • CVE-2017-7037: lokihardt of Google Project Zero
  • CVE-2017-7039: Ivan Fratric of Google Project Zero
  • CVE-2017-7040: Ivan Fratric of Google Project Zero
  • CVE-2017-7041: Ivan Fratric of Google Project Zero
  • CVE-2017-7042: Ivan Fratric of Google Project Zero
  • CVE-2017-7043: Ivan Fratric of Google Project Zero
  • CVE-2017-7046: Ivan Fratric of Google Project Zero
  • CVE-2017-7048: Ivan Fratric of Google Project Zero
  • CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
  • CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
  • CVE-2017-7056: lokihardt of Google Project Zero
  • CVE-2017-7061: lokihardt of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting
  • Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management.
  • CVE-2017-7038: Egor Karbutov (@ShikariSenpai) of Digital Security and Egor Saltykov (@ansjdnakjdnajkd) of Digital Security, Neil Jenkins of FastMail Pty Ltd
  • CVE-2017-7059: an anonymous researcher

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed through improved memory handling.
  • CVE-2017-7049: Ivan Fratric of Google Project Zero

WebKit

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An application may be able to read restricted memory
  • Description: A memory initialization issue was addressed through improved memory handling.
  • CVE-2017-7064: lokihardt of Google Project Zero

WebKit Page Loading

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department

WebKit Web Inspector

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2017-7012: Apple

Wi-Fi

  • Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
  • Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Previous versions:

Apple iPad iOS 10.3.1 Firmware Update

Apple iPad iOS 10.2.1 Firmware Update 2017-03-28

Apple iPad iOS 10.2 Firmware Update 2016-12-13

Previous version iOS 10.1.1 2016-11-01:

Previous version iOS 10.1 2016-10-25:

Previous version iOS 10.0.2 2016-09-23:

Previous version iOS 10.0.1 2016-09-14:

Previous version iOS 9.3.5 2016-08-25:

Previous version iOS 9.3.4 2016-08-05:

Previous version iOS 9.3.3 2016-07-20:

Previous version iOS 9.3.2 2016-05-17:

Previous version iOS 9.3.1 2016-04-01:

Previous version iOS 9.3:

Previous version iOS 9.2.1:

  •