Apple has released more security-focused updates for iOS and iPadOS, two weeks after the company issued version 15.2.1 for both operating systems. While the two changelogs only state that iOS 15.3 and iPadOS 15.3 include 'bug fixes and security updates', a support document explains that iOS 15.3 and iPadOS 15.3 address the following security issues:
iOS 15.3 and iPadOS 15.3 - CVEs
- ColorSync - CVE-2022-22584
  - Impact: Processing a maliciously crafted file may lead to arbitrary code execution
  - Description: A memory corruption issue was addressed with improved validation.
- Crash Reporter - CVE-2022-22578
  - Impact: A malicious application may be able to gain root privileges
  - Description: A logic issue was addressed with improved validation.
- iCloud - CVE-2022-22585
  - Impact: An application may be able to access a user's files
  - Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
- IOMobileFrameBuffer - CVE-2022-22587
  - Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
  - Description: A memory corruption issue was addressed with improved input validation.
- Kernel - CVE-2022-22593
  - Impact: A malicious application may be able to execute arbitrary code with kernel privileges
  - Description: A buffer overflow issue was addressed with improved memory handling.
- Model I/O - CVE-2022-22579
  - Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution
  - Description: An information disclosure issue was addressed with improved state management.
- WebKit - CVE-2022-22589
  - Impact: Processing a maliciously crafted mail message may lead to running arbitrary JavaScript
  - Description: A validation issue was addressed with improved input sanitization.
- WebKit - CVE-2022-22590
  - Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  - Description: A use after free issue was addressed with improved memory management.
- WebKit - CVE-2022-22592
  - Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
  - Description: A logic issue was addressed with improved state management.
- WebKit Storage - CVE-2022-22594
  - Impact: A website may be able to track sensitive user information
  - Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The same support document adds that iOS 15.3 fixes these CVEs for the iPhone 6s and later. By contrast, iPadOS 15.3 resolves the same issues for all iPad Pro models, along with the iPad Air 2, iPad 5th generation, iPad mini 4 and the iPod Touch (7th Gen) or later. Both updates are rolling out now as over-the-air (OTA) downloads globally and can be triggered by navigating to Settings > General > Software Update.
For reference, iOS 15.3 and iPadOS 15.3 are rather large downloads. Download sizes vary too, with the iPhone 13 mini receiving a 1.06 GB update, compared to the sub-1 GB download for its predecessor. Additionally, iPadOS 15.3 is a circa 800 MB download for the iPad Pro 11 (2020). Unfortunately, neither OS update, the third major revision for iOS 15 and iPadOS 15, contains any feature updates or changes.