iOS 15.5 brings new Podcasts and Wallet features and a bunch of security fixes

Apple has released iOS 15.5, bringing new features to Pocasts and Wallet, overall performance enhancements and a bunch of security fixes.

Wallet now enables Apple Cash customers to send and request money from their Apple Cash card. In addition, ‌Apple Pay‌ in the Messages app has also been renamed “Apple Cash.”

Apple now refers to the physical Apple Card as the “Titanium Card” in the Wallet app and the iTunes Pass has been updated as well, now being referred to the Apple Account Balance.

Vaccinations records in the EU Digital COVID certificate format can now be added.

Apple Podcasts includes a new setting to limit episodes stored on your iPhone and automatically delete older ones, and there is now an option to turn off Automatic Downloads as default. 

iOS 15.5 fixes an issue where home automations, triggered by people arriving or leaving may fail and there now are WiFi signal bars that let you ensure the HomePod has a connection in the Home app.

iOS 15.5 adds support for the “External Link Account Entitlement” that allows reader apps to add a link to an external website for account creation and management purposes. An external link will allow an app like Netflix to offer a way to sign up for an account outside of the App Store in-app purchase system.

 iOS 15.5 brings a list of “Sensitive Locations” to the Photos app, which means those locations are blocked from showing up in memories.

iOS 15.5 reintroduces the Apple Music API that allows third-party Apple Music players to change the playback speeds of songs.

iOS 15.5 expands the Communication Safety in Messages feature to Australia, Canada, New Zealand, and the UK. Communication Safety in Messages, which was previously available in the United States, is designed to scan incoming and outgoing iMessage images on children’s devices for nudity and warn them that such photos might be harmful.

If nudity is detected in a photo that’s received by a child, the photo will be blurred and the child will be provided with resources from child safety groups. Nudity in a photo sent by a child will trigger a warning encouraging the child not to send the image.

Communication Safety is opt-in, privacy-focused, and must be enabled by parents. It is limited to the accounts of children, with detection done on-device.

iOS 15.5 Security Fixes

iOS 15.5 also brings nearly 30 security fixes, including flaws that allow malicious apps to execute arbitrary code with kernel privileges.

AppleAVD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

AppleGraphicsControl

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

AVEVideoEncoder

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

DriverKit

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

GPU Drivers

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

ImageIO

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow issue was addressed with improved input validation.

IOKit

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

IOMobileFrameBuffer

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

IOSurfaceAccelerator

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

Kernel

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A memory corruption issue was addressed with improved validation.

Kernel

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

LaunchServices

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

libxml2

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

Notes

Impact: Processing a large input may lead to a denial of service

Description: This issue was addressed with improved checks.

Safari Private Browsing

Impact: A malicious website may be able to track users in Safari private browsing mode

Description: A logic issue was addressed with improved state management.

Security

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

Shortcuts

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: An authorization issue was addressed with improved state management.

WebKit

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebRTC

Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call

Description: A logic issue in the handling of concurrent media was addressed with improved state handling.

Wi-Fi

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved state management.

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

iOS 15.5 Availability

iOS 15.5 is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

You can download the update by opening the Settings app and going to General > Software Update.