Apple has revealed in a recent support document update that the release of iOS 15 patched two significant security vulnerabilities that could have exposed users’ private Apple ID information and in-app search history to third-party apps. The update also fixed a bug that allowed apps to override the user’s privacy preferences.
Apple says the September 2021 debut of iOS 15 and iPadOS 15 brought “additional sandbox restrictions on third-party applications” as a patch, and Apple credits developer Steve Troughton-Smith for his assistance in finding and patching the vulnerability.
Impact: A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022
iOS 15, iPadOS 15, and watchOS 8.0 also patched a security hole that allowed a third-party app to bypass Privacy preferences.
Apple also updated its security content pages for iOS 15.1, iOS 14, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more with newly disclosed security vulnerabilities for each of the updates.