Toggle Dark Mode
If the cool new features in iOS 15.2 aren’t enough of an incentive to get you to update your iPhone, the staggering number of security vulnerabilities that Apple’s fixed in its latest update really should convince you to make the jump.
In fact, with a total of 38 different security and privacy fixes covering 17 different areas of the operating system, this update is near the top of the list when it comes to the sheer number of fixes related to potential security issues from prior versions.
The list of fixes also runs the gamut from user-facing apps like FaceTime and Notes to underlying services like Apple’s Password Manager, right down to the core iOS Kernel.
The good news is that, unlike some other recent critical security updates, none of the potential vulnerabilities on this rather long list appear to have been actively exploited by hackers — or at least if they have, Apple hasn’t been made aware of them.
These Incredible Apps Help You Save Money, Earn Cash, Cancel Unwanted Subscriptions, and Much More
The App Store has become completely oversaturated with all the same repetitive junk. Cut out the clutter: These are the only 6 iPhone apps you’ll ever need...Find Out More
That doesn’t mean that exploits might not be just around the corner, however, and with industrial-grade spyware like Pegasus making the rounds, Apple isn’t about to take any chances.
Hence, Apple is being even more proactive here, plugging as many holes as security researchers can find before they become a problem.
Here’s just a sampling of a few of the more potentially serious problems that malicious hackers could exploit:
- A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata
- A person with physical access to an iOS device may be able to access stored passwords without authentication
- An application may be able to access a user’s files
- A malicious application may be able to identify what other applications a user has installed
- A malicious application may be able to bypass certain Privacy preferences
- Parsing a maliciously crafted audio file may lead to the disclosure of user information
- Processing a maliciously crafted USD file may disclose memory contents
This also doesn’t include the dozen or so issues that could allow applications to “execute arbitrary code with kernel privileges,” effectively granting them carte blanche to do almost anything they like on your iPhone.
Almost every one of the listed vulnerabilities was discovered by third-party security researchers, who responsibly disclosed them to Apple before publishing them to a wider audience. In its security bulletin, Apple acknowledges a wide variety of third parties, including researchers from Google’s Project Zero, Korea University, Bar-Ilan University, Zoom Video Communications, Jamf, several independent security researchers, and more.
It’s Time to Update
So, needless to say, that if you’re using an iPhone 6s or later, you really should update to iOS 15.2 as soon as possible — before hackers figure out how to exploit any of these vulnerabilities, which is even more likely now that the list has been published.
While it’s understandable that some folks may want to hold off on installing new iOS releases right away for fear of bugs, performance, or battery life issues, with all the malicious spyware out in the wild these days, the risk of being hit by a security exploit is far more dangerous and serious. The days when you could more safely sit back and wait are far behind us.
In fact, Apple is taking these problems so seriously that it’s also still releasing critical security fixes for iOS 14, even though every device compatible with iOS 14 can also be upgraded to iOS 15. However, Apple wants to make sure that its users are still protected, even if they aren’t yet ready to take the plunge into a major iOS 15 update.
Although it’s not clear if any of the vulnerabilities fixed in iOS 15.2 were present before iOS 15 came along, Apple released an iOS 14.8.1 update in late October that patched a dozen other vulnerabilities that still existed in that version.