What you need to know
- Apple has confirmed some major security fixes that went into iOS 15.
- A newly-updated list includes a flaw that could unlock Face ID using a 3D model.
- Another could access some of a user's Apple ID information or recent in-app search terms.
Apple has confirmed several major security flaws in both the iPhone and iPad that it fixed with the release of iOS 15 last year.
One such issue was a Sandbox vulnerability where a malicious app could bypass Privacy preferences and a Coregraphics issue where a maliciously crafted image could lead to arbitrary code execution.
More interestingly, Apple notes a fixed flaw with Face ID:
Apple says that improved anti-spoofing models were added to prevent this. Another interesting vulnerability discovered by high-profile developer Steve Troughton Smith allowed "A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms" before Apple patched the issue. Further issues include the processing of a maliciously crafted USD file that could expose memory contents, a lock screen issue that allowed access to contacts on a locked device, and the prospect of an attacker "in physical proximity" forcing a device in setup onto a malicious Wi-Fi network.
As per SupportDiffs Apple has added a raft of new security notes to many of its documents.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9