
MacRumors

macrumors bot
Original poster


Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.

With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of security vulnerabilities patched in that update. Apple maintains a list of security fixes and occasionally updates them with new entries once an investigation of a specific security vulnerability is completed.

Released in September, iOS and iPadOS 15 introduced "additional sandbox restrictions on third-party applications" as a patch, and Apple credits developer Steve Troughton-Smith for assisting it in finding and patching the vulnerability.

Impact: A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022

Apple does not offer any indication that this particular exploit was actively used in the wild.

In addition, iOS 15, iPadOS 15, and watchOS 8 also patched a security exploit that could allow a third-party app to bypass Privacy preferences. Apple does not provide any more information as to the specifics of the exploit and does not indicate it was actively used.

Apple also updated its security content pages for iOS 14, iOS 15.1, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more with newly disclosed security vulnerabilities for each of the updates.

According to Apple, iOS 15 is installed on more than 72% of all iPhones released in the last four years, with iPadOS 15 adoption lower at 57%. Adoption of iOS 15 is considerably lower than iOS 14, which was installed on more than 80% of all iPhones released in the last four years. Even iOS 13 experienced faster adoption rates than iOS 15 as it was installed on 77% of iPhones by January of 2020.

With the newly disclosed security exploits patched in iOS 15 and iPadOS 15, and iOS 15.1 and iPadOS 15.1, users are strongly encouraged to update to the latest iOS and iPadOS versions. The newest released versions are iOS 15.2.1 and iPadOS 15.2.1, while Apple has seeded iOS 15.3 and iPadOS 15.3 betas to developers and public beta testers.

Apple in June said that it would give users a choice when iOS 15 launched as to whether they would wish to update to the newest version or continue to receive iOS 14 security updates. The latter option is no longer available, as Apple is now more aggressively pushing users to update to iOS 15, with users still running on iOS 14 no longer receiving standalone security updates.

Apple says the option to remain on iOS 14 and continue to receive security updates was always meant to be temporary.

Article Link: iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps
 
It boggles my mind why people don't update their software. In today's world, security flaws should be the number one reason to update.
 
Impact: A malicious application may be able to access some of the user's Apple ID information..

Well that statement right there pretty much blows a hole in their entire App Store-Is-A-Safe-Walled-Garden narrative.

If crap like this can get through as the App Store currently exists, I’m all for side loading apps from other sources since the security of the App Store is not what we’re led to believe.
 
Well that statement right there pretty much blows a hole in their entire App Store-Is-A-Safe-Walled-Garden narrative.

If crap like this can get through as the App Store currently exists, I’m all for side loading apps from other sources since the security of the App Store is not what we’re led to believe.
Sideloading would probably increase it by a magnitude, maliciously, not by mistake which is the case here.
 
Some are probably a bit nervous about Apple themselves deliberately building potential security flaws into their upcoming software updates.
But Apple is patching known vulnerabilities that either are in the wild or could be at some point. Whichever new flaws are created with their updates and patches, won't be known to bad adversaries for a while. It's a never-ending cat and mouse game, and not updating because you're worried about new flaws is a bad strategy from a security point of view. Software has and will always have security flaws. Update your software! :)
 
But Apple is patching known vulnerabilities that either are in the wild or could be at some point. Whichever new flaws are created with their updates and patches, won't be known to bad adversaries for a while. It's a never-ending cat and mouse game, and not updating because you're worried about new flaws is a bad strategy from a security point of view. Software has and will always have security flaws. Update your software! :)

Yep. Agree with the overall sentiment but the choice becomes tricky when you know that Apple plan to deliberately compromise future updates and potentially cave into state pressure to exploit them at a later time. You can’t roll back once they stop signing older versions.
 
Well that statement right there pretty much blows a hole in their entire App Store-Is-A-Safe-Walled-Garden narrative.

If crap like this can get through as the App Store currently exists, I’m all for side loading apps from other sources since the security of the App Store is not what we’re led to believe.
So you're saying that if there's a hole in the garden's wall, we might as well just break the entire wall down?
 
Well that statement right there pretty much blows a hole in their entire App Store-Is-A-Safe-Walled-Garden narrative.

If crap like this can get through as the App Store currently exists, I’m all for side loading apps from other sources since the security of the App Store is not what we’re led to believe.

It's nice believing that 100% perfection exists 100% of the time, especially when humans are involved.

Perhaps it does on planet Ork. Certainly not here on planet Earth.
 
It's nice believing that 100% perfection exists 100% of the time, especially when humans are involved.

Perhaps it does on planet Ork. Certainly not here on planet Earth.
That's the "throw the baby out with the bath water" crowd mentality. Since it isn't perfect, might as well tear down the walls and let 'er rip...instead of a more rational approach of what needs to be done to improve it.
 
Yeah, I'm sure 30 minutes of raytracing gaming at 30FPS until the battery dies is the best thing ever that I would use every day too.
Would the battery still die if you use it plugged in? Or would you suffer the third degree burns until the phone explodes?
 