iOS 15 Includes Improved Face ID Anti-Spoofing Models and Other Vulnerability Fixes

The iOS 15 and iPadOS 15 updates that were released today add improved anti-spoofing models for Face ID, further improving the security of facial recognition on the iPhone X and later and the iPad Pro models.

iPhone 13 Face ID
According to Apple's security support document for the updates, there was a ‌Face ID‌ vulnerability that could allow a ‌Face ID‌ ‌iPhone‌ to be unlocked and authenticated using a 3D model constructed to look like the ‌iPhone‌'s owner.

Apple says that this issue has been resolved through improvements to the ‌Face ID‌ feature, which is available on the ‌iPhone‌ X, ‌iPhone‌ XR, ‌iPhone‌ XS (all models), ‌iPhone‌ 11 (all models), iPhone 12 (all models), ‌iPad Pro‌ (11-inch), and ‌iPad Pro‌ (3rd generation).

There are a number of other security fixes included in the iOS 15 update, but none of the exploits were listed as being used in the wild. There was an issue with the Neural Engine that could allow an application to execute arbitrary code with system privileges on devices with a Neural Engine, and a CoreML bug could let attackers cause unexpected application termination or arbitrary code execution.

Apple also addressed issues with FontParser, Preferences, Siri, WebKit, and WiFi, all of which are outlined in Apple's full security document.

For those not particularly interested in the feature set that iOS 15 offers, it may still be a good idea to upgrade just to get the full suite of security fixes that Apple has deployed.

Related Forum: iOS 15

Top Rated Comments

Apple_Robert Avatar
22 months ago
Glad to see more security like this in iOS 15.
Score: 10 Votes (Like | Disagree)
nyuszika7h Avatar
22 months ago

Still, it doesn‘t change the fact that people can still open your phone by just pointing it to your face!
Not true. That's exactly what "Require Attention for Face ID" is for, and it's on by default. You need to have your eyes open and actively looking at the screen. If you're looking away, it won't unlock. It's not totally impossible but makes it harder for people to pull that off. But if you're so concerned about that, you can temporarily disable Face ID by holding the power and volume down buttons for a few seconds.
Score: 9 Votes (Like | Disagree)
David8753Co Avatar
22 months ago

you rather have your finger cut off?
I’ve Been hearing about this scenario for almost a decade now.

1. It’s a capacitive sensor. So even if someone cut off your finger and placed it on the phone it still wont unlock…needs electricity from your body
2. Unless the KGB or Jack Bauer is trying to get some info on your phone, this is an utterly absurd scenario. Stealing someone’s phone and cutting someone‘s finger off are on the complete opposite of the spectrum in terms of crime.

People who steal phones are looking to sell it to make money. They aren’t looking to go to prison on a mayhem assault charges for your ~$1,000 smartphone

Seriously, stop watching TV and trying to cast all criminals on the same level. People don’t just cut fingers off because they want to see your emails.

Try critical thinking
Score: 6 Votes (Like | Disagree)
subi257 Avatar
22 months ago

"For those not particularly interested in the feature set that iOS 15 offers, it may still be a good idea to upgrade just to get the full suite of security fixes that Apple has deployed."

So the whole 'we will continue to release security updates for iOS 14 users' was a lie.
They always continue to realize security updates...for years afterwards.
Score: 5 Votes (Like | Disagree)
nyuszika7h Avatar
22 months ago

So the whole 'we will continue to release security updates for iOS 14 users' was a lie.
No, it wasn't. They can still backport security fixes to iOS 14 but maybe they'll only get the ones that are deemed more critical.
Score: 4 Votes (Like | Disagree)
Populus Avatar
22 months ago
Improved Face iD. For once I thought facial recognition was improved wearing a facemask
Score: 3 Votes (Like | Disagree)

Popular Stories

google drive for desktop1

Google to Roll Out New 'Drive for Desktop' App in the Coming Weeks, Replacing Backup & Sync and Drive File Stream Clients

Tuesday July 13, 2021 1:18 am PDT by
Earlier this year, Google announced that it planned to unify its Drive File Stream and Backup and Sync apps into a single Google Drive for desktop app. The company now says the new sync client will roll out "in the coming weeks" and has released additional information about what users can expect from the transition. To recap, there are currently two desktop sync solutions for using Google...