This article has been indexed from MacRumors: Mac News and Rumors – Front Page
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users’ private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of security vulnerabilities patched in that update. Apple maintains a list of security fixes and occasionally updates them with new entries once an investigation of a specific security vulnerability is completed.
Released in September, iOS and iPadOS 15 introduced “additional sandbox restrictions on third-party applications” as a patch, and Apple credits developer Steve Troughton-Smith for assisting it in finding and patching the vulnerability.
Impact: A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Entry added January 19, 2022
Apple does not offer any indication that this particular exploit was actively used in the wild.
In addition, iOS 15, iPadOS 15, and watchOS 8.0 also patched a security exploit that could allow a third-party app to bypass Privacy preferences. Apple does not provide any more information as to the specifics of the exploit and does not indicate it was actively used.
Apple also updated its security content pages for iOS 15.1, iOS 14, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more with newly disclosed security vulnerabilities fo
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: iOS 15 Patched Security Hole That Potentially Exposed Users’ Private Apple ID Information to Third-Party Apps