Apple has released iOS 15.3 which is all about fixing bugs — the most serious of which is a dangerous Safari vulnerability. iOS 15.3 also brings fixes for ColorSync, iCloud and others.
The core of the Safari vulnerability revolves around Safari’s IndexedDB API — a component of the web browser that stores user data. An exploit made it possible for bad actors to access that API and view users’ full browsing history.
Making matters worse, attackers could possibly use the API to obtain someone’s Google account and tons of personal information related to it.
This Safari vulnerability is now fixed with iOS 15.3
iOS 15.3 Bug Fixes
A memory corruption issue was addressed with improved validation.
A logic issue was addressed with improved validation.
An issue existed within the path validation logic for symlinks, which meant an application may be able to access a user’s files.
This issue was addressed with improved path sanitization.
A malicious application may have been be able to execute arbitrary code with kernel privileges, and Apple is aware of a report that this issue may have been actively exploited.
A memory corruption issue was addressed with improved input validation.
A malicious application may have been able to execute arbitrary code with kernel privileges. A buffer overflow issue was addressed with improved memory handling.
Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
An information disclosure issue was addressed with improved state management.
Processing maliciously crafted web content may lead to arbitrary code execution and a use after free issue was addressed with improved memory management.
Processing maliciously crafted web content may prevent Content Security Policy from being enforced. A logic issue was addressed with improved state management.
iOS 15.3 does not contain any new features.
You can download the update by opening the Settings app and going to General > Software Update.