Apple recently updated a support document and revealed that the iOS 15 update includes two critical security patches that prevent Apple ID information and in-app search history from being exposed to malicious third-party apps. The update also fixed a vulnerability that allowed apps to override your Privacy preferences and access sensitive data.
iOS 15 and iPadOS 15 included “additional sandbox restrictions” for third-party apps as a security patch when it debuted in September last year. Developer Steve Troughton-Smith has been credited with discovering and patching the vulnerability (CVE-2021-30898) that allowed malicious apps to access your Apple ID information and recent in-app search query data. Apple didn’t say if a working exploit for the loophole was caught in the wild.
The Cupertino-based firm also patched another security issue that could let third-party apps change your Privacy preferences. We believe unauthorized and ill-intentioned changes to these settings could pose a severe security risk, but Apple doesn’t provide additional information.
Apple recently stopped providing iOS 14 security updates, noting that the choice to stay on the older version was always meant to be temporary in the wake of iOS 15’s debut. The newly-revealed security patches are just another compelling reason why you should update to the latest version of iOS 15 if you’re still using outdated software. Data released earlier this month showed that only 72 percent of the iPhones released in the last four years have updated to iOS 15, mainly because Apple gave users a choice to continue using iOS 14 (although temporarily). The adoption rate is significantly lower than it was for older versions of iOS. We believe the metric will improve now that users don’t have a choice but to eventually update to iOS 15 or risk being victimized by bad actors exploiting security loopholes such as those described above.
Apple usually logs all the changes and security patches in the release notes for iOS updates. Sometimes, the listings are updated with additional information after vulnerabilities are thoroughly investigated, such as in this instance. Do you believe Apple should have continued providing iOS 14 security updates for longer? Please share your thoughts with us in the comments section!