Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users’ private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of security vulnerabilities patched in that update. Apple maintains a list of security fixes and occasionally updates them with new entries once an investigation of a specific security vulnerability is completed.
Released in September, iOS and iPadOS 15 introduced “additional sandbox restrictions on third-party applications” as a patch, and Apple credits developer Steve Troughton-Smith for assisting it in finding and patching the vulnerability.
Impact: A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022
Apple does not offer any indication that this particular exploit was actively used in the wild.
In addition, iOS 15, iPadOS 15, and watchOS 8.0 also patched a security exploit that could allow a third-party app to bypass Privacy preferences. Apple does not provide any more information as to the specifics of the exploit and does not indicate it was actively used.
Apple also updated its security content pages for iOS 15.1, iOS 14, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more with newly disclosed security vulnerabilities for each of the updates.
According to Apple, iOS 15 is installed on more than 72% of all iPhones released in the last four years, with iPadOS 15 adoption lower at 57%. Adoption of iOS 15 is considerably lower than iOS 14, which was installed on more than 80% of all iPhones released in the last four years. Even iOS 13 experienced faster adoption rates than iOS 15 as it was installed on 77% of iPhones by January of 2020.
With the newly disclosed security exploits patched in iOS 15 and iPadOS 15, and iOS 15.1 and iPadOS 15.1, users are strongly encouraged to update to the latest iOS and iPadOS versions. Apple is currently testing iOS 15.3 and iPadOS 15.3 with public and developer beta testers, and the most recent public version is iOS 15.2.1 and iPadOS 15.2.1.
Apple in June said that it would give users a choice when iOS 15 launched on whether they would wish to update to the newest version or continue to receive iOS 14 security updates. The latter is no longer an option as Apple is now more aggressively pushing users to update to iOS 15 as users still running on iOS 14 will no longer receive standalone security updates.
Apple says the option to remain on iOS 14 was always meant to be temporary.