iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

by

Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.

appleprivacyad cleaned
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of security vulnerabilities patched in that update. Apple maintains a list of security fixes and occasionally updates them with new entries once an investigation of a specific security vulnerability is completed.

Released in September, iOS and iPadOS 15 introduced "additional sandbox restrictions on third-party applications" as a patch, and Apple credits developer Steve Troughton-Smith for assisting it in finding and patching the vulnerability.

Impact: A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022

Apple does not offer any indication that this particular exploit was actively used in the wild.

In addition, iOS 15, iPadOS 15, and watchOS 8 also patched a security exploit that could allow a third-party app to bypass Privacy preferences. Apple does not provide any more information as to the specifics of the exploit and does not indicate it was actively used.

Apple also updated its security content pages for iOS 14, iOS 15.1, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more with newly disclosed security vulnerabilities for each of the updates.

According to Apple, iOS 15 is installed on more than 72% of all iPhones released in the last four years, with iPadOS 15 adoption lower at 57%. Adoption of iOS 15 is considerably lower than iOS 14, which was installed on more than 80% of all iPhones released in the last four years. Even iOS 13 experienced faster adoption rates than iOS 15 as it was installed on 77% of iPhones by January of 2020.

With the newly disclosed security exploits patched in iOS 15 and iPadOS 15, and iOS 15.1 and iPadOS 15.1, users are strongly encouraged to update to the latest iOS and iPadOS versions. The newest released versions are iOS 15.2.1 and iPadOS 15.2.1, while Apple has seeded iOS 15.3 and iPadOS 15.3 betas to developers and public beta testers.

Apple in June said that it would give users a choice when iOS 15 launched as to whether they would wish to update to the newest version or continue to receive iOS 14 security updates. The latter option is no longer available, as Apple is now more aggressively pushing users to update to iOS 15, with users still running on iOS 14 no longer receiving standalone security updates.

Apple says the option to remain on iOS 14 and continue to receive security updates was always meant to be temporary.

Related Roundups: iOS 15, iPadOS 15
Tag: Apple Privacy
Related Forum: iOS 15

Top Rated Comments

TheFluffyDuck Avatar
TheFluffyDuck
18 weeks ago
Having servers in China, and some big brother AI photo scanning nonsense to "save children" is also a massive security hole as well. Might want to patch those as well.
Score: 16 Votes (Like | Disagree)
macguru212 Avatar
macguru212
18 weeks ago
totally OT but i misread the text as "Pricey. That's iPhone."

I need glasses.?
Score: 14 Votes (Like | Disagree)
jdavid_rp Avatar
jdavid_rp
18 weeks ago

Oh boy.

If the New AMD graphics chip with Ray Tracing used in Samsung Galaxy S22 phones and future phones turns out to be AWESOME I won't have to deal with IOS 15 other than an iPad.
Yeah, im sure 30 minutes of raytracing gaming at 30FPS until the battery dies its the best thing ever that I would use everyday too.
Score: 11 Votes (Like | Disagree)
Alfred.Woodden Avatar
Alfred.Woodden
18 weeks ago

Well that statement right there pretty much blows a whole in their entire App Store-Is-A-Safe-Walled-Garden narrative.

If crap like this can get through as the App Store currently exists, I’m all for side loading apps from other sources since the security of the App Store is not what we’re led to believe.
Sideloading would probably increase it by a magnitude, maliciously, not by mistake which is the case here.
Score: 10 Votes (Like | Disagree)
contacos Avatar
contacos
18 weeks ago
the lack of transparency from Apple is sometimes really astonishing
Score: 10 Votes (Like | Disagree)
spartan1967 Avatar
spartan1967
18 weeks ago

It boggles my mind why people don't update their software. In today's world, security flaws should be the number one reason to update.
That’s why Apple needs to continue to update 14.
Score: 7 Votes (Like | Disagree)
Read All Comments

Related Stories

ios 15

Apple Seeds iOS 15.3 and iPadOS 15.3 Release Candidates to Developers [Update: Public Beta Available]

Thursday January 20, 2022 10:13 am PST by
Apple today seeded the release candidate versions of upcoming iOS 15.3 and iPadOS 15.3 updates to developers for testing purposes, with the new software coming one week after the launch of the second betas and over a month after the launch of iOS 15.2 and iPadOS 15.2. iOS and iPadOS 15.3 can be downloaded through the Apple Developer Center or over the air after the proper profile has been...
Read Full Article39 comments
iOS 15

Apple Seeds Third Betas of iOS 15.4 and iPadOS 15.4 to Developers

Tuesday February 15, 2022 10:02 am PST by
Apple today seeded the third betas of upcoming iOS 15.4 and iPadOS 15.4 updates to developers for testing purposes, with the new software coming one week after Apple seeded the second betas of iOS 15.4 and iPadOS 15.4. Developers can download iOS 15.4 and iPadOS 15.4 through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. iOS...
Read Full Article31 comments
iOS 15 General Feature Purple

iOS 15.3 Beta Leaks With Only Minor Changes as Apple Prepares for More Feature-Packed Updates in the Spring [Updated]

Friday December 17, 2021 7:18 am PST by
What appears to be the initial beta of the upcoming iOS and iPadOS 15.3 update has leaked, revealing that the next major iPhone and iPad update is likely to be focused on bug fixes, performance improvements, and security enhancements, rather than larger features destined to be part of software updates in the upcoming spring. The build of the iOS 15.3 beta, obtained by MacRumors, includes...
Read Full Article61 comments
ios 15

Apple Seeds Second Betas of iOS 15.3 and iPadOS 15.3 to Developers

Wednesday January 12, 2022 10:08 am PST by
Apple today seeded the second betas of upcoming iOS 15.3 and iPadOS 15.3 updates to developers for testing purposes, with the new software coming three weeks after the launch of the first betas and a month after the launch of iOS 15.2 and iPadOS 15.2. iOS and iPadOS 15.3 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an...
Read Full Article20 comments
General iOS 14

iOS 14.7.1 and macOS Big Sur 11.5.1 Patch Security Vulnerability That May Have Been Actively Exploited

Monday July 26, 2021 11:55 am PDT by
Apple today released unexpected iOS 14.7.1 and iPadOS 14.7.1 updates to the public, and according to a newly released support document, the software addresses a serious security vulnerability that may have been exploited in the wild. Apple says that an application may have been able to execute arbitrary code with kernel privileges due to a memory corruption issue. "Apple is aware of a report ...
Read Full Article59 comments
iOS App Store General Feature gray blue

Apple Seeds Third Public Betas of iOS 15.4 and iPadOS 15.4 With Universal Control, Face ID With Mask Support and More

Wednesday February 16, 2022 10:08 am PST by
Apple today seeded the third betas of upcoming iOS 15.4 and iPadOS 15.4 updates to public beta testers, with the software coming a week after Apple seeded the second public betas. iOS and iPadOS 15.4 can be downloaded over the air after the proper profile from Apple's public beta testing website has been installed on an iPhone or iPad. iOS 15.4 and iPadOS 15.4 are major updates. iOS 15.4...
Read Full Article9 comments
ipad iphone duo ios 12

Apple Releases iOS and iPadOS 12.5.4 Security Fix for Older iPhones and iPads

Monday June 14, 2021 10:15 am PDT by
Apple today released new iOS and iPadOS 12.5.4 updates, with the new software aimed at older devices that are unable to run the iOS 14 update that's available on modern devices. The iOS and iPadOS 12.5.4 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software...
Read Full Article54 comments
ios 15

Apple Releases Minor iOS 15.2.1 and iPadOS 15.2.1 Updates

Wednesday January 12, 2022 10:05 am PST by
Apple today released minor 15.2.1 updates for iPhone and iPad users, and the software comes one month after Apple launched iOS 15.2 and iPadOS 15.2 with a slew of improvements. The iOS 15.2.1 and iPadOS 15.2.1 update can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General >...
Read Full Article46 comments

Popular Stories

iPhone 14 Pro Purple Front and Back MacRumors Exclusive

iPhone 14 Pro Renders Highlight Multiple Design Changes

Wednesday May 25, 2022 8:56 am PDT by
Leaker Jon Prosser today shared ostensibly accurate renders of the iPhone 14 Pro, providing the most accurate look yet at what the device could look like when it launches later this year. In the latest video on YouTube channel Front Page Tech, Prosser revealed renders of the iPhone 14 Pro made by Apple concept graphic designer Ian Zelbo, highlighting a range of specific design changes...
Read Full Article123 comments
apple account card

Wallet App Now Supports Apple Account Cards on iOS 15.5

Wednesday May 25, 2022 5:01 pm PDT by
Apple appears to have recently updated the Wallet app to allow users to add an Apple Account Card, which displays the Apple credit balance associated with an Apple ID. If you receive an App Store or Apple Store gift card, for example, it is added to an Apple Account that was previously visible in the App Store and Apple Store apps. As of today, the Apple Account balance can also be added to...
Read Full Article62 comments
iphone 13 pro max display bleen

iPhone 14 Max Reportedly Weeks Behind Schedule [Updated]

Thursday May 26, 2022 7:25 am PDT by
The iPhone 14 Max is currently behind schedule by around three weeks, according to Haitong International Securities analyst Jeff Pu. Yesterday, Nikkei Asia reported that at least one iPhone 14 model was three weeks behind schedule due to the impact of lockdowns on Apple's supply chains in China, but it was not clear which iPhone 14 model this related to. Now, Pu has clarified that the model...
Read Full Article68 comments
iPad Pro USB C Feature Coral

Deals: Apple's iPad Pro Reaches Up to $449 Off in Amazon's Latest Sales

Wednesday May 25, 2022 10:09 am PDT by
Amazon is marking down a wide variety of 11-inch and 12.9-inch iPad Pro models this week, with prices starting as low as $749.00 for the 11-inch tablet. You'll find the full list of sales below, all of which can be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep...
Read Full Article14 comments
iOS 16 mock for feature wishlist

iOS 16 Wishlist: Features MacRumors Readers Want to See in the Next Version of iOS

Friday May 27, 2022 2:15 pm PDT by
There's just over a week to go until the 2022 Worldwide Developers Conference, which is one of the biggest Apple events of the year. We've heard surprisingly little about iOS 16 this year, so we're in for some major surprises when June 6 rolls around. As we wait for the keynote event, we thought we'd share some iOS 16 wishlist items from MacRumors readers, because who knows? We just might...
Read Full Article251 comments
top stories 28may2022

Top Stories: WWDC 2022 Schedule, New Apple Watch Pride Bands, and More

Saturday May 28, 2022 6:00 am PDT by
It's Memorial Day weekend in the United States, and that means WWDC is right around the corner and anticipation is building for what we might see at the opening keynote. Software updates are a given, but will we see any new hardware? Other news this week included the annual release of new Pride-themed Apple Watch bands, iPhone 14 Pro rumors, and Sony's latest headphones that compete against...
Read Full Article17 comments
a16 5nm m2 3nm feature 2

Alleged Apple Chip Plans Suggest 'A16' Will Stick With 5nm, 'M2' to Make Jump to 3nm Instead

Friday May 27, 2022 6:54 am PDT by
The "A16" chip for the iPhone will reportedly be manufactured with the same process as the iPhone 13's A15 Bionic, with Apple saving a bigger performance leap for the "M2" chip designed for its next-generation Macs. Meanwhile, the company is working on a "final" M1 chip variant that uses more powerful cores from the A15, according to the leaker known as "ShrimpApplePro." In a thread on...
Read Full Article162 comments