
Major iPhone security flaws fixed in iOS 15 revealed by Apple

iPhone 12 Pro iOS 15 Work Focus (Image credit: Christine Romero-Chan / iMore)

What you need to know

  • Apple has confirmed some major security fixes that went into iOS 15.
  • A newly-updated list includes a flaw that could unlock Face ID using a 3D model.
  • Another could let a malicious app access some of a user's Apple ID information or recent in-app search terms.

Apple has confirmed several major security flaws in both the iPhone and iPad that it fixed with the release of iOS 15 last year.

A newly-updated security support document as tracked on Twitter reveals several new entries published this week.

The issues impacted many of Apple's best iPhones including the iPhone 12 and iPhone 13, as well as many earlier devices.

Among the issues were a Sandbox vulnerability in which a malicious app could bypass Privacy preferences and a CoreGraphics issue in which a maliciously crafted image could lead to arbitrary code execution.

More interestingly, Apple notes a fixed flaw with Face ID:

Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation)

Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID

Apple says that improved anti-spoofing models were added to prevent this. Another interesting vulnerability, discovered by high-profile developer Steve Troughton Smith, meant that "a malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms" before Apple patched the issue.

Further issues include the processing of a maliciously crafted USD file that could expose memory contents, a lock screen issue that allowed access to contacts on a locked device, and the prospect of an attacker "in physical proximity" forcing a device in setup onto a malicious Wi-Fi network.

As per SupportDiffs, Apple has added a raft of new security notes to many of its documents.

Stephen Warwick
News Editor