Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,622
16,779


The iOS 15 and iPadOS 15 updates that were released today add improved anti-spoofing models for Face ID, further improving the security of facial recognition on the iPhone X and later and the iPad Pro models.

iPhone-13-Face-ID.jpeg

According to Apple's security support document for the updates, there was a Face ID vulnerability that could allow a Face ID iPhone to be unlocked and authenticated using a 3D model constructed to look like the iPhone's owner.

Apple says that this issue has been resolved through improvements to the Face ID feature, which is available on the iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation).

There are a number of other security fixes included in the iOS 15 update, but none of the exploits were listed as being used in the wild. There was an issue with the Neural Engine that could allow an application to execute arbitrary code with system privileges on devices with a Neural Engine, and a CoreML bug could let attackers cause unexpected application termination or arbitrary code execution.

Apple also addressed issues with FontParser, Preferences, Siri, WebKit, and WiFi, all of which are outlined in Apple's full security document.

For those not particularly interested in the feature set that iOS 15 offers, it may still be a good idea to upgrade just to get the full suite of security fixes that Apple has deployed.

Article Link: iOS 15 Includes Improved Face ID Anti-Spoofing Models and Other Vulnerability Fixes
 
Last edited:

subi257

macrumors 65816
Sep 13, 2018
1,012
996
New Jersey
"For those not particularly interested in the feature set that iOS 15 offers, it may still be a good idea to upgrade just to get the full suite of security fixes that Apple has deployed."

So the whole 'we will continue to release security updates for iOS 14 users' was a lie.
They always continue to realize security updates...for years afterwards.
 

nyuszika7h

macrumors newbie
Sep 19, 2020
29
68
Still, it doesn‘t change the fact that people can still open your phone by just pointing it to your face!
Not true. That's exactly what "Require Attention for Face ID" is for, and it's on by default. You need to have your eyes open and actively looking at the screen. If you're looking away, it won't unlock. It's not totally impossible but makes it harder for people to pull that off. But if you're so concerned about that, you can temporarily disable Face ID by holding the power and volume down buttons for a few seconds.
 
Last edited:

citysnaps

macrumors G3
Oct 10, 2011
8,180
14,257
San Francisco
"For those not particularly interested in the feature set that iOS 15 offers, it may still be a good idea to upgrade just to get the full suite of security fixes that Apple has deployed."

So the whole 'we will continue to release security updates for iOS 14 users' was a lie.

No, that's not true.



Seriously...why do you post stuff that's not true?
 

tgwaste

macrumors 65816
Sep 18, 2013
1,275
2,023
Yet still doesn't work in Landscape mode like iPad. 2.5 trillion dollar company.
 

David8753Co

macrumors newbie
Apr 3, 2018
6
9
you rather have your finger cut off?
I’ve Been hearing about this scenario for almost a decade now.

1. It’s a capacitive sensor. So even if someone cut off your finger and placed it on the phone it still wont unlock…needs electricity from your body
2. Unless the KGB or Jack Bauer is trying to get some info on your phone, this is an utterly absurd scenario. Stealing someone’s phone and cutting someone‘s finger off are on the complete opposite of the spectrum in terms of crime.

People who steal phones are looking to sell it to make money. They aren’t looking to go to prison on a mayhem assault charges for your ~$1,000 smartphone

Seriously, stop watching TV and trying to cast all criminals on the same level. People don’t just cut fingers off because they want to see your emails.

Try critical thinking
 

centauratlas

macrumors 65816
Jan 29, 2003
1,467
2,552
Florida
If anyone is that worried about Face ID or Touch ID access to their phone, the easy answer is to turn them off.

Just use a passcode - and don't make it 1234

Really though, Apple is doing a good job protecting with both Face and Touch ID. It is merely a question of your security needs/security profile required vs ease of access.
 

xmach

macrumors member
Sep 10, 2020
57
39
I still get critical security updates for Mojave
I don't think that's accurate. Apple last issued a security update for Mojave on July 21st. Since then, Apple has patched security holes in Catalina and Big Sur (just last week, on the 13th) but not in Mojave.

If you're still running Mojave, you have active/open/known security holes that unfortunately have not and almost certainly will not be addressed. For better and worse, to maintain a secure system, you have to upgrade to at least 10.15.
 

Shirasaki

macrumors G5
May 16, 2015
12,080
6,146
For better and worse, to maintain a secure system, you have to upgrade to at least 10.15.
There are tons of valid reasons to not upgrade, especially for performance and usability, as well as the compatibility (32-bit permanent cutoff in Catalina). Apple should still maintain critical updates for as many systems as possible even if they have been discontinued.
 

code-m

macrumors 68030
Apr 13, 2006
2,732
2,521
If anyone is that worried about Face ID or Touch ID access to their phone, the easy answer is to turn them off.

Just use a passcode - and don't make it 1234

Really though, Apple is doing a good job protecting with both Face and Touch ID. It is merely a question of your security needs/security profile required vs ease of access.
I use 4, 8, 15, 16, 23 and 42. Will I be okay 😝
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.