Category: Apple|Jan 21, 2022 | Author: Admin

iOS 15-hole leaked private Apple ID data to third-party apps

• apple
• iphone
• mobile
• ios
• 15
• permalink

Share on

 Facebook |  Twitter |  LinkedIn |  Reddit

In a support document Apple has published, it appears that shortly after the launch of iOS 15, they closed two security holes.

 

One is said to have had a particularly large potential for damage, where it could be used to leak information about the user's Apple ID as well as search history in applications.

Sealed two holes
The bug fix should have taken place in September when it was introduced as "additional restrictions on third-party applications". The hole was given CVE code 2021-30898 with the following description:

 

Impact: A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)

Entry added January 19, 2022

 

It should be the developer Steven Troughton-Smith who made Apple aware of the vulnerability. The company has not commented on whether any unauthorized persons have exploited the vulnerability before it was rectified.

 

Apple encourages updates
In addition to the bug fix, Apple says that iOS 15 has been installed on 72 percent of iPhone devices launched in the last four years.

 

We wrote earlier this week about how Apple has changed the tone over the last few weeks and no longer wants people to cling to iOS 14. At first, they seemed set on serving security updates specifically for iOS 14 so that those who wanted to stay on the old iOS software, could continue with this.

Comments: