Toggle Dark Mode
It was only four days ago that Apple sent out the final Release Candidate of iOS 15.5 to developers, and as of today, this next major point release of iOS 15 is available to everyone.
While iOS 15.5 offers a few interesting new features related to Apple Cash and Apple Podcasts, there’s not much here that will make most folks eagerly rush out and download it right away.
However, there are over two dozen other reasons you really should install iOS 15.5 without delay: Apple has fixed a staggering number of security issues in this latest release.
Specifically, Apple’s security content release notes, which weren’t published until today, list 27 security vulnerabilities fixed in today’s release of iOS 15.5 and iPadOS 15.5.
6 Apps Everyone Should Absolutely Have on Their iPhone & iPad - Number 1 is Our Favorite
The App Store has become completely oversaturated with all the same repetitive junk. Cut out the clutter: These are the only 6 iPhone apps you’ll ever need...Find Out More
This includes issues with internal frameworks used for rendering graphics, video, and images, vulnerabilities in the iOS 15 kernel, Apple’s Notes and Shortcuts apps, and several issues in WebKit — the framework used to power Safari and other browsers on the iPhone. There are also three security issues related to Wi-Fi.
This time around, the only silver lining is that none of these issues appear to have been actively exploited — at least not as far as Apple knows. That’s better than what we recently saw in iOS 15.3 and even iOS 15.2 before that, but it shouldn’t give you a false sense of security.
Firstly, just because Apple isn’t aware that a vulnerability has been actively exploited doesn’t mean that it hasn’t been. Hackers and less scrupulous security researchers may already know about some of these. After all, the only reason Apple knows about these is that outside parties reported them in the first place. Many of these reports also came from anonymous researchers.
However, more significantly, now that Apple has published these fixes, it’s told the entire world that these security problems exist in iOS 15.4. This means it will be open season for hackers and malware developers to try and exploit these to harm folks who haven’t been diligent about keeping their iPhones updated.
These aren’t minor vulnerabilities either. Many of them could allow hackers and scammers to run malicious code on your iPhone through something as simple as looking at a web page.
For example, a couple of the vulnerabilities would allow a “maliciously crafted image” or “maliciously crafted web content” to lead to “arbitrary code execution.” A security flaw like this would allow a hacker to post an image containing malware just about anywhere that you might come across it; simply looking at the image on your iPhone could trigger some code within the image that could do anything from merely crashing your iPhone to leaking personal data.
This is especially plausible when combined with other security vulnerabilities that Apple patched in iOS 15.5 that would allow access to restricted portions of memory and elevate privileges of code to access areas of the iPhone that are typically off-limits to third-party apps and web apps. Some even allow malicious code to be executed with “kernel privileges” — that is, full access to everything in your iPhone’s memory, from browsing history to passwords.
Understandably, many folks prefer to wait out new software updates to see if there are any serious bugs. However, in a world where malware and spyware are increasing almost daily, the days when it was considered prudent to remain on an older iOS version are long gone. The risks of not updating are potentially far more serious.