iOS 15

iOS 15.3 brings Safari Vulnerability fixes and other fixes

iOS 15.3 is all about bug fixes

Apple has released iOS 15.3 which is all about fixing bugs — the most serious of which is a dangerous Safari vulnerability. iOS 15.3 also brings fixes for ColorSync, iCloud and others.

The core of the Safari vulnerability revolves around Safari’s IndexedDB API — a component of the web browser that stores user data. An exploit made it possible for bad actors to access that API and view users’ full browsing history.

Making matters worse, attackers could possibly use the API to obtain someone’s Google account and tons of personal information related to it. 

This Safari vulnerability is now fixed with iOS 15.3

iOS 15.3 Bug Fixes

ColorSync

A memory corruption issue was addressed with improved validation.

Crash Reporter

A logic issue was addressed with improved validation.

iCloud

An issue existed within the path validation logic for symlinks, which meant an application may be able to access a user’s files.

This issue was addressed with improved path sanitization.

IOMobileFrameBuffer

A malicious application may have been be able to execute arbitrary code with kernel privileges, and Apple is aware of a report that this issue may have been actively exploited.

A memory corruption issue was addressed with improved input validation.

Kernel

A malicious application may have been able to execute arbitrary code with kernel privileges. A buffer overflow issue was addressed with improved memory handling.

Model I/O

Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.

An information disclosure issue was addressed with improved state management.

WebKit

Processing a maliciously crafted mail message may have lead to running arbitrary javascript. A validation issue was addressed with improved input sanitization.

Processing maliciously crafted web content may lead to arbitrary code execution and a use after free issue was addressed with improved memory management.

Processing maliciously crafted web content may prevent Content Security Policy from being enforced. A logic issue was addressed with improved state management.

iOS 15.3 does not contain any new features.

You can download the update by opening the Settings app and going to General > Software Update.