Apple patched two critical security flaws with the release of iOS 15 that could potentially expose users’ private Apple ID information and in-app search history to malicious third-party apps and allow apps to override users’ privacy preferences, Apple The company revealed this in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provide a list of security vulnerabilities patched in that update. Apple maintains a list of security fixes and occasionally updates it with new entries once an investigation of a particular security vulnerability is complete. The September release of iOS and iPad OS 15 introduced “additional sandbox restrictions for third-party apps” as a patch, and Apple credits developer Steve Troughton-Smith with helping it find and patch the vulnerability.
Apple has provided no indication that this particular vulnerability has been actively used externally. Additionally, iOS 15, iPadOS 15, and watchOS 8.0 also patch a security flaw that could allow third-party apps to bypass privacy preferences. Apple did not provide more specific information about the vulnerability or whether it was actively used.
Apple has also updated the security content pages for iOS 15.1, iOS 14, tvOS 15, tvOS 15.1, macOS Big Sur 11.6.1, macOS Big Sur 11.6, and more, each with newly disclosed security vulnerabilities. According to Apple, more than 72% of all iPhones released in the past four years have iOS 15 installed, with iPadOS 15 adoptions being lower at 57%.
The adoption rate of iOS 15 is significantly lower than iOS 14, which is installed on more than 80% of all iPhones released in the past four years. Even iOS 13 has seen faster adoption than iOS 15, as it was installed on 77% of iPhones as of January 2020. As the newly disclosed security flaws in iOS 15 and iPadOS 15 and iOS 15.1 and iPadOS 15.1 are patched, users are strongly advised to update to the latest iOS and iPadOS versions.
Apple is currently testing iOS 15.3 and iPadOS 15.3 with the public and developer testers, and the latest public versions are iOS 15.2.1 and iPadOS 15.2.1. Apple said in June that when iOS 15 rolls out, it will let users choose whether they want to update to the latest version or continue to receive security updates for iOS 14.
The latter is no longer an option, as Apple is now more aggressively pushing users to update to iOS 15, as those still running on iOS 14 will no longer receive standalone security updates. Apple says the option to stay on iOS 14 is always temporary.