What you need to know
- Apple has confirmed some major security fixes that went into iOS 15.
- A newly-updated list includes a flaw that could unlock Face ID using a 3D model.
- Another could access some of a user's Apple ID information or recent in-app search terms.
Apple has confirmed several major security flaws in both the iPhone and iPad that it fixed with the release of iOS 15 last year.
A newly-updated security support document as tracked on Twitter reveals several new entries published this week.
The issues impacted many of Apple's best iPhones including the iPhone 12 and iPhone 13, as well as many earlier devices.
One such issue was a Sandbox vulnerability where a malicious app could bypass Privacy preferences and a Coregraphics issue where a maliciously crafted image could lead to arbitrary code execution.
More interestingly, Apple notes a fixed flaw with Face ID:
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation)Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID
Apple says that improved anti-spoofing models were added to prevent this. Another interesting vulnerability discovered by high-profile developer Steve Troughton Smith allowed "A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms" before Apple patched the issue. Further issues include the processing of a maliciously crafted USD file that could expose memory contents, a lock screen issue that allowed access to contacts on a locked device, and the prospect of an attacker "in physical proximity" forcing a device in setup onto a malicious Wi-Fi network.
As per SupportDiffs Apple has added a raft of new security notes to many of its documents.
