iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

by

Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.

appleprivacyad cleaned
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of security vulnerabilities patched in that update. Apple maintains a list of security fixes and occasionally updates them with new entries once an investigation of a specific security vulnerability is completed.

Released in September, iOS and iPadOS 15 introduced "additional sandbox restrictions on third-party applications" as a patch, and Apple credits developer Steve Troughton-Smith for assisting it in finding and patching the vulnerability.

Impact: A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022

Apple does not offer any indication that this particular exploit was actively used in the wild.

In addition, iOS 15, iPadOS 15, and watchOS 8 also patched a security exploit that could allow a third-party app to bypass Privacy preferences. Apple does not provide any more information as to the specifics of the exploit and does not indicate it was actively used.

Apple also updated its security content pages for iOS 14, iOS 15.1, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more with newly disclosed security vulnerabilities for each of the updates.

According to Apple, iOS 15 is installed on more than 72% of all iPhones released in the last four years, with iPadOS 15 adoption lower at 57%. Adoption of iOS 15 is considerably lower than iOS 14, which was installed on more than 80% of all iPhones released in the last four years. Even iOS 13 experienced faster adoption rates than iOS 15 as it was installed on 77% of iPhones by January of 2020.

With the newly disclosed security exploits patched in iOS 15 and iPadOS 15, and iOS 15.1 and iPadOS 15.1, users are strongly encouraged to update to the latest iOS and iPadOS versions. The newest released versions are iOS 15.2.1 and iPadOS 15.2.1, while Apple has seeded iOS 15.3 and iPadOS 15.3 betas to developers and public beta testers.

Apple in June said that it would give users a choice when iOS 15 launched as to whether they would wish to update to the newest version or continue to receive iOS 14 security updates. The latter option is no longer available, as Apple is now more aggressively pushing users to update to iOS 15, with users still running on iOS 14 no longer receiving standalone security updates.

Apple says the option to remain on iOS 14 and continue to receive security updates was always meant to be temporary.

Related Roundup: iPadOS 15
Tag: Apple Privacy
Related Forum: iOS 15

Top Rated Comments

TheFluffyDuck Avatar
TheFluffyDuck
12 months ago
Having servers in China, and some big brother AI photo scanning nonsense to "save children" is also a massive security hole as well. Might want to patch those as well.
Score: 16 Votes (Like | Disagree)
macguru212 Avatar
macguru212
12 months ago
totally OT but i misread the text as "Pricey. That's iPhone."

I need glasses.?
Score: 14 Votes (Like | Disagree)
jdavid_rp Avatar
jdavid_rp
12 months ago

Oh boy.

If the New AMD graphics chip with Ray Tracing used in Samsung Galaxy S22 phones and future phones turns out to be AWESOME I won't have to deal with IOS 15 other than an iPad.
Yeah, im sure 30 minutes of raytracing gaming at 30FPS until the battery dies its the best thing ever that I would use everyday too.
Score: 11 Votes (Like | Disagree)
Alfred.Woodden Avatar
Alfred.Woodden
12 months ago

Well that statement right there pretty much blows a whole in their entire App Store-Is-A-Safe-Walled-Garden narrative.

If crap like this can get through as the App Store currently exists, I’m all for side loading apps from other sources since the security of the App Store is not what we’re led to believe.
Sideloading would probably increase it by a magnitude, maliciously, not by mistake which is the case here.
Score: 10 Votes (Like | Disagree)
contacos Avatar
contacos
12 months ago
the lack of transparency from Apple is sometimes really astonishing
Score: 10 Votes (Like | Disagree)
spartan1967 Avatar
spartan1967
12 months ago

It boggles my mind why people don't update their software. In today's world, security flaws should be the number one reason to update.
That’s why Apple needs to continue to update 14.
Score: 7 Votes (Like | Disagree)
Read All Comments

Related Stories

ios 15

Apple Seeds iOS 15.3 and iPadOS 15.3 Release Candidates to Developers [Update: Public Beta Available]

Thursday January 20, 2022 10:13 am PST by
Apple today seeded the release candidate versions of upcoming iOS 15.3 and iPadOS 15.3 updates to developers for testing purposes, with the new software coming one week after the launch of the second betas and over a month after the launch of iOS 15.2 and iPadOS 15.2. iOS and iPadOS 15.3 can be downloaded through the Apple Developer Center or over the air after the proper profile has been...
Read Full Article39 comments
iOS 15

Apple Seeds Third Betas of iOS 15.4 and iPadOS 15.4 to Developers

Tuesday February 15, 2022 10:02 am PST by
Apple today seeded the third betas of upcoming iOS 15.4 and iPadOS 15.4 updates to developers for testing purposes, with the new software coming one week after Apple seeded the second betas of iOS 15.4 and iPadOS 15.4. Developers can download iOS 15.4 and iPadOS 15.4 through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. iOS...
Read Full Article31 comments
iOS 15 General Feature Purple

iOS 15.3 Beta Leaks With Only Minor Changes as Apple Prepares for More Feature-Packed Updates in the Spring [Updated]

Friday December 17, 2021 7:18 am PST by
What appears to be the initial beta of the upcoming iOS and iPadOS 15.3 update has leaked, revealing that the next major iPhone and iPad update is likely to be focused on bug fixes, performance improvements, and security enhancements, rather than larger features destined to be part of software updates in the upcoming spring. The build of the iOS 15.3 beta, obtained by MacRumors, includes...
Read Full Article61 comments
ios 15

Apple Seeds Second Betas of iOS 15.3 and iPadOS 15.3 to Developers

Wednesday January 12, 2022 10:08 am PST by
Apple today seeded the second betas of upcoming iOS 15.3 and iPadOS 15.3 updates to developers for testing purposes, with the new software coming three weeks after the launch of the first betas and a month after the launch of iOS 15.2 and iPadOS 15.2. iOS and iPadOS 15.3 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an...
Read Full Article20 comments
General iOS 14

iOS 14.7.1 and macOS Big Sur 11.5.1 Patch Security Vulnerability That May Have Been Actively Exploited

Monday July 26, 2021 11:55 am PDT by
Apple today released unexpected iOS 14.7.1 and iPadOS 14.7.1 updates to the public, and according to a newly released support document, the software addresses a serious security vulnerability that may have been exploited in the wild. Apple says that an application may have been able to execute arbitrary code with kernel privileges due to a memory corruption issue. "Apple is aware of a report ...
Read Full Article59 comments
iOS App Store General Feature gray blue

Apple Seeds Third Public Betas of iOS 15.4 and iPadOS 15.4 With Universal Control, Face ID With Mask Support and More

Wednesday February 16, 2022 10:08 am PST by
Apple today seeded the third betas of upcoming iOS 15.4 and iPadOS 15.4 updates to public beta testers, with the software coming a week after Apple seeded the second public betas. iOS and iPadOS 15.4 can be downloaded over the air after the proper profile from Apple's public beta testing website has been installed on an iPhone or iPad. iOS 15.4 and iPadOS 15.4 are major updates. iOS 15.4...
Read Full Article9 comments
ipad iphone duo ios 12

Apple Releases iOS and iPadOS 12.5.4 Security Fix for Older iPhones and iPads

Monday June 14, 2021 10:15 am PDT by
Apple today released new iOS and iPadOS 12.5.4 updates, with the new software aimed at older devices that are unable to run the iOS 14 update that's available on modern devices. The iOS and iPadOS 12.5.4 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software...
Read Full Article54 comments
ios 15

Apple Releases Minor iOS 15.2.1 and iPadOS 15.2.1 Updates

Wednesday January 12, 2022 10:05 am PST by
Apple today released minor 15.2.1 updates for iPhone and iPad users, and the software comes one month after Apple launched iOS 15.2 and iPadOS 15.2 with a slew of improvements. The iOS 15.2.1 and iPadOS 15.2.1 update can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General >...
Read Full Article46 comments

Popular Stories

Emergency SOS via Satellite iPhone YT

Apple's iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

Thursday December 1, 2022 4:37 pm PST by
With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers ...
Read Full Article230 comments
iPhone Measure Height

Newer iPhones Allow You to Measure Someone's Height Instantly — Here's How

Saturday December 3, 2022 10:23 am PST by
iPhone 12 Pro and Pro Max, iPhone 13 Pro and Pro Max, and iPhone 14 Pro and Pro Max models feature a LiDAR Scanner next to the rear camera that can be used to measure a person's height instantly in Apple's preinstalled Measure app. To measure a person's height, simply open the Measure app, point your iPhone at the person you want to measure, and make sure they are visible on the screen from...
Read Full Article130 comments
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
Read Full Article
iOS 16

When Will iOS 16.2 Be Released?

Friday December 2, 2022 2:13 pm PST by
Apple in late October began testing iOS 16.2 and iPadOS 16.2 updates, providing betas to both developers and public beta testers. As of now, we've had four total betas, with the fourth beta having been released earlier this week. iOS 16.2 and iPadOS 16.2 are expected before the end of the year, and we thought we'd try to narrow down the launch timeline. With only four betas released since...
Read Full Article52 comments
14 vs 16 inch mbp m2 pro and max feature 1

Major RAM Upgrade Coming to Next-Generation MacBook Pro

Friday December 2, 2022 2:03 am PST by
The next-generation MacBook Pro models could feature faster RAM, according to a recent report from a reliable source. MacRumors Forums member "Amethyst," who accurately revealed details about the Mac Studio and Studio Display before those products were announced, recently provided information about Apple's upcoming 14- and 16-inch MacBook Pro models. The new machines are expected to feature...
Read Full Article
iPad 10 Battery Pull Tabs

iPad 10 Teardown Reveals Why Device Isn't Compatible With Apple Pencil 2

Thursday December 1, 2022 10:48 am PST by
Do-it-yourself repair website iFixit today shared a video teardown of Apple's new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the...
Read Full Article72 comments
android apple fix rcs

Google Again Criticizes Apple for Not Adopting RCS for Messages App: 'Their Texting is Stuck in the 1990s'

Friday December 2, 2022 10:54 am PST by
Google is continuing on with its attempt to convince Apple to adopt the RCS messaging standard, publishing a new "it's time for RCS" blog post. Promoted heavily by Google, RCS or Rich Communication Services is a messaging standard that is designed to replace the current SMS messaging standard. It provides support for higher resolution photos and videos, audio messages, and bigger file sizes, ...
Read Full Article567 comments
ios 16 2 beta notifiation center

PSA: Older Notifications No Longer Hidden in Notification Center in iOS 16.2 Beta 4

Friday December 2, 2022 5:23 am PST by
In a small but significant change to the way the Notification Center works in the latest iOS 16.2 beta, older notifications are now shown by default without having to swipe up. In the current release as well as earlier versions of iOS 16, users do not automatically see older notifications in the Notification Center like they did in iOS 15, and instead must manually swipe up from the middle...
Read Full Article56 comments
lastpass

LastPass Hacked for Second Time This Year

Friday December 2, 2022 4:04 am PST by
Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on Wednesday and gained access to some customer information. The information was stored in a third-party cloud service shared by LastPass and parent company GoTo, said LastPass CEO Karim Toubba in a blog post. Toubba said the hackers used information stolen from ...
Read Full Article182 comments
Apple Card Savings

Apple Card Customer Agreement Updated for 'Upcoming' Savings Account Feature

Friday December 2, 2022 11:43 am PST by
Goldman Sachs this week updated its Apple Card customer agreement to reflect the credit card's upcoming Daily Cash savings account feature, which was expected to launch with iOS 16.1 but appears to have been delayed. "To enable new ways to use Daily Cash like the upcoming Savings account feature, we are updating the Daily Cash Program section of your Apple Card Customer Agreement," reads an...
Read Full Article64 comments