Apple has confirmed several major security flaws in both the iPhone and iPad that it fixed with the release of iOS 15 last year.
These include a Sandbox vulnerability where a malicious app could bypass Privacy preferences, and a CoreGraphics issue where a maliciously crafted image could lead to arbitrary code execution.
More interestingly, Apple notes a fixed flaw with Face ID:
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID
Apple says that improved anti-spoofing models were added to prevent this. Another interesting vulnerability, discovered by high-profile developer Steve Troughton-Smith, was described as “A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms” before Apple patched the issue. Further issues include the processing of a maliciously crafted USD file that could expose memory contents, a lock screen issue that allowed access to contacts on a locked device, and the prospect of an attacker “in physical proximity” forcing a device in setup onto a malicious Wi-Fi network.
As per SupportDiffs, Apple has added a raft of new security notes to many of its documents.