iOS 15 Patched Security Hole That Potentially Exposed Users’ Private Apple ID Information to Third-Party Apps

Apple patched two important safety vulnerabilities when it launched iOS 15 that might have probably uncovered customers’ personal Apple ID data and in-app search historical past to malicious third-party apps and allowed apps to override person Privacy preferences, Apple has revealed in a recent support document update.

With most iOS, macOS, tvOS, and watchOS updates, Apple supplies an inventory of safety vulnerabilities patched in that replace. Apple maintains an inventory of safety fixes and sometimes updates them with new entries as soon as an investigation of a particular safety vulnerability is accomplished.

Released in September, iOS and iPadOS 15 launched “additional sandbox restrictions on third-party applications” as a patch, and Apple credit developer Steve Troughton-Smith for helping it to find and patching the vulnerability.

Impact: A malicious utility might have the ability to entry a few of the person’s Apple ID data, or latest in-app search phrases
Description: An entry subject was addressed with extra sandbox restrictions on third-party functions.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022

Apple doesn’t supply any indication that this explicit exploit was actively used within the wild.

In addition, iOS 15, iPadOS 15, and watchOS 8.0 additionally patched a safety exploit that might permit a third-party app to bypass Privacy preferences. Apple doesn’t present any extra data as to the specifics of the exploit and doesn’t point out it was actively used.

Apple additionally up to date its safety content material pages for iOS 15.1, iOS 14, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and extra with newly disclosed safety vulnerabilities for every of the updates.

According to Apple, iOS 15 is put in on greater than 72% of all iPhones launched within the final 4 years, with iPadOS 15 adoption decrease at 57%. Adoption of iOS 15 is significantly decrease than iOS 14, which was put in on more than 80% of all iPhones launched within the final 4 years. Even iOS 13 skilled sooner adoption charges than iOS 15 because it was put in on 77% of iPhones by January of 2020.

With the newly disclosed safety exploits patched in iOS 15 and iPadOS 15, and iOS 15.1 and iPadOS 15.1, customers are strongly inspired to replace to the most recent iOS and iPadOS variations. Apple is at present testing iOS 15.3 and iPadOS 15.3 with public and developer beta testers, and the newest public model is iOS 15.2.1 and iPadOS 15.2.1.

Apple in June stated that it will give customers a alternative when iOS 15 launched on whether or not they would need to replace to the most recent model or proceed to obtain iOS 14 safety updates. The latter is not an choice as Apple is now extra aggressively pushing users to update to iOS 15 as customers nonetheless working on iOS 14 will not obtain standalone safety updates.

Apple says the choice to stay on iOS 14 was always meant to be temporary.