iOS and iPadOS 15 fix a pretty serious security flaw that allowed third-party applications to access Apple ID information and recent search terms.
Apple this week confirmed the fix in an update to its security content guide for iOS 15. It does not look like the issue has been eliminated in iOS 14, which is no longer receiving standalone security updates.
iOS 15 squashes security bugs
This particular bug, which was first discovered by developer Steve Troughton-Smith, made it possible for a malicious application “to access some of the user’s Apple ID information, or recent in-app search terms,” Apple said. It’s important to note that it’s not the same bug that allows websites to access data that they shouldn’t have access to in Safari.
It’s not clear if the bug was ever exploited. Apple fixed it by imposing additional sandbox restrictions on third-party apps. It’s one of a long list of bugs and vulnerabilities eliminated in iOS and iPadOS 15, according to Apple’s guide.
Strangely, the same fix is not listed in the security content guide for iOS and iPad OS 14. That’s despite the release of a series of standalone security fixes for the last-generation operating system since iOS 15 landed last September.
And it doesn’t look like iOS 14 will ever get this fix now that Apple has stopped providing security patches for those who won’t update their devices. It is strongly recommended that you update to iOS 15 instead.
Big fixes for macOS and tvOS, too
Apple has also updated its security content documents for macOS 11.6.1 Big Sur, macOS 11.6 Big Sur, tvOS 15.1, and tvOS 15, listing all the fixes those if you’re interested.
