Apple iOS 15.3 and iPadOS 15.3 address a number of security vulnerabilities
The update fixes a vulnerability that malicious apps could exploit to run arbitrary code with kernel privileges.
The update also fixes the Safari bug that could let websites snoop in on a user's browsing data.
The update will be rolled out in a phased manner.
Apple has patched a number of security flaws including a few that may have been ‘actively exploited’ with the release of iOS 15.3 and iPadOS 15.3 updates for its mobile devices.
The updates will roll out for iPhone 6s and later, all iPad Pro variants, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the iPod touch (7th gen).
Important Vulnerabilities Fixed
The primary vulnerability is referred to as CVE-2022-22587. This is a memory corruption bug in IOMobileFrameBuffer (or FrameBuffer) which is a kernel extension that allows app developers to control the way their app handles the phone’s display. An app exploiting this vulnerability could execute malicious code with kernel privileges.
Another notable vulnerability was a Webkit bug in Safari, referred to as CVE-2022-22594. This bug could allow any website using a specific JavaScript API to check on another tab that the user might have opened in Safari and thus track sensitive user information. The bug could also be exploited to track a user’s browsing history and Google Account information via Safari or any other third party browser.
iOS 15.3 addresses a total of 10 vulnerabilities and issues related to gaining root privileges, iCloud exploits.
The security updates come a week after Apple released a fix for a bug in iOS and iPadOS that could allow HomeKit to be exploited using Denial of Service (DoS) attacks.
Should you update to iOS 15.3 or iPadOS 15.3?
Needless to say, this is an important update that addresses several privacy and security concerns. As always, the update will be pushed in a phased manner and you can go to Settings >> General >> Software update on your device to check if you have already received it
Deepak Singh
Deepak is Editor at Digit. He is passionate about technology and has been keeping an eye on emerging technology trends for nearly a decade. When he is not working, he likes to read and to spend quality time with his family. View Full Profile