As of January 19, 2022, Apple has patched a number of security vulnerabilities in iOS 15, and iPadOS 15 which jeopardized users’ private information and safety. The patches prevent attacks from malicious apps, images, FaceID authentication methods, and more for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
The latest security patches reiterate the need to update devices to the most recent iOS and iPadOS versions. Recently, the tech giant confirmed that it has stopped signing off on the new iOS 14 security updates and is offering the iOS 15.2 update to users still on iOS 14 and iPadOS 14 versions.
Apple told Ars that it always intended the iOS 14 security update option to be temporary. Essentially, people could have a short grace period while Apple worked out the worst of the new operating system’s early bugs, but you would always eventually have to upgrade to stay patched.
Apple patches the iOS 15 vulnerability which would have given access to users’ Apple ID credentials to attackers
Apple has published patches for more than ten security vulnerabilities in iOS 15 and iPadOS 15 on its support page. One of the most important patches is the access of malware to users’ Apple ID credentials or their in-app search history. The discovery of the bug is accredited to Steven Troughton-Smith.
Privacy
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Other fixed vulnerabilities include the improvement of Face ID anti-spoofing models, state management of lock screen which allowed access to users contacts on a locked device, and others.
However, the updated security page does not mention the patches for three zero-day exploits found by a security researcher, Denis Tokarev aka illusionofchaos. Such behavior strengthens the argument that Apple gives preferential treatment to some developers and tries to swipe issues under the carpet.
Read More: