Apple has announced the release of the iOS 15.3 and iPadOS 15.3 update to all users of supported iPhone, iPad, and iPod touch devices, after it has been in beta for weeks, with performance improvements and fixes for serious software vulnerabilities in the operating system.
The iOS update does not bring any new feature to users, but it does address some serious vulnerabilities, such as the one recently discovered in Safari 15, which is likely to leak users' browsing history and Google ID data.
This vulnerability lies in a cross-origin issue with the IndexedDB API, which enables any website to use this API to access the names of IndexedDB databases created by other websites during the same browsing session. A malicious site could exploit access to these IndexedDB databases to gain access to the user's web browsing history, and even to obtain its Google ID and personal data.
This update also contains a fix for a bug in IOMobileFrameBuffer that enables a malicious application to execute arbitrary code with kernel privileges.
IOMobileFramebuffer is a kernel extension for managing the frame buffer, and Apple says that the vulnerability in this extension may have been actively exploited, which means that hackers may already have exploited it to attack users, and that alone is reason enough to install this new update.
The third major update of iOS 15 includes a fix for an issue in iCloud that could enable apps to access user files, as well as a fix for an issue with Crash Reporter that could enable apps to gain root privileges.
The update includes a fix for a Model I/O issue that may lead to unexpected application termination or arbitrary code execution during processing a maliciously crafted STL file, as well as a kernel issue fix that allows malicious applications from executing arbitrary code with kernel privileges.
This update may not provide any new visual feature to users, but it solves many serious and critical security problems in iOS and iPadOS systems, and Apple recommends users install this update as soon as possible.
Users who are also on iOS 14 must upgrade to iOS 15.3 to get these security fixes, as Apple has stopped issuing security patches to iOS 14 users.
This update can be installed on iPhone 6s and later, iPhone SE 2016 and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later, and iPod touch (7th generation). Users can install it by going to device Settings → General → Software Update.
Post a Comment