Category: Apple|Jan 21, 2022 | Author: Admin

iOS 15-hole leaked private Apple ID data to third-party apps

Share on

In a support document Apple has published, it appears that shortly after the launch of iOS 15, they closed two security holes.

 

One is said to have had a particularly large potential for damage, where it could be used to leak information about the user's Apple ID as well as search history in applications.

Sealed two holes
The bug fix should have taken place in September when it was introduced as "additional restrictions on third-party applications". The hole was given CVE code 2021-30898 with the following description:

 

Impact: A malicious application may be able to access some of the user’s Apple ID information, or recent in-app search terms


Description: An access issue was addressed with additional sandbox restrictions on third-party applications.


CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)


Entry added January 19, 2022

 

It should be the developer Steven Troughton-Smith who made Apple aware of the vulnerability. The company has not commented on whether any unauthorized persons have exploited the vulnerability before it was rectified.

 

Apple encourages updates
In addition to the bug fix, Apple says that iOS 15 has been installed on 72 percent of iPhone devices launched in the last four years.

 

We wrote earlier this week about how Apple has changed the tone over the last few weeks and no longer wants people to cling to iOS 14. At first, they seemed set on serving security updates specifically for iOS 14 so that those who wanted to stay on the old iOS software, could continue with this.

Sources: macrumors

Sponsored Ads:

Comments:


You were not meant to see this

Category: General|Mar 18, 2022 | Author: Admin

OpenSSL squarely rooted by cert parsing bug

Category: IT|Mar 17, 2022 | Author: Admin

Former Nintendo boss skin braids Meta: - They do nothing innovative

Category: General|Mar 16, 2022 | Author: Admin

That's why Ubisoft was down: "We were hacked"

Category: General|Mar 15, 2022 | Author: Admin

Reveals: "New Mac mini gets M2 and M2 Pro"

Category: Apple|Mar 14, 2022 | Author: Admin

FREE: Gamers love this game

Category: IT|Mar 13, 2022 | Author: Admin

Steam Deck will not arrive in Norway until "after the third quarter"

Category: General|Mar 12, 2022 | Author: Admin

Did you notice Apple's incredible RTX 3090 claim?

Category: General|Mar 11, 2022 | Author: Admin

Be careful: they recall these coolers

Category: IT|Mar 10, 2022 | Author: Admin

Developers can download iOS 15.4 and new macOS now - everyone can update next week

Category: Apple|Mar 9, 2022 | Author: Admin

Soon, OnePlus can be charged to 50 percent in 5 minutes

Category: General|Mar 8, 2022 | Author: Admin

Mac Studio is Apple's new machine

Category: Apple|Mar 7, 2022 | Author: Admin

Google, Microsoft, Apple, and Mozilla join forces to make browsers better

Category: IT|Mar 6, 2022 | Author: Admin

UPDATED: Microsoft has also stopped all sales in Russia

Category: Microsoft|Mar 5, 2022 | Author: Admin

The giants are joining forces for a new chip standard

Category: IT|Mar 4, 2022 | Author: Admin
more