Yesterday, on January the 26th, 2022, Apple released updates for all their devices.
iOS 15.3, iPadOS 15.3, tvOS 15.3, WatchOS 8.4, and MacOS 12.2 were released and all users are urged to update as soon as possible.
As always, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. However when updates are released, information about the exploits and security vulnerabilities is made available to the community, including people with malicious intents.
Let’s talk for example about iPhone and iPad. They are the most used Apple devices and assumed to be secure.
“Processing a maliciously crafted file may lead to arbitrary code execution, a malicious application may be able to gain root privileges, an application may be able to access a user’s files” are just some of the consequences of delaying the updates on these devices.
Of particular interest is the IOFrameBuffer vulnerability, that allows a malicious application to execute arbitrary code with kernel privileges on iPhone and iPad. Apple is aware of a report that this issue may have been actively exploited. In plain words this vulnerability has been exploited many times. The advice is to never install apps from unknown sources. It’s better if you always install apps from the official App Store, because this can minimize the risk of being involved in this kind of exploits.
Among the fixed vulnerabilities, for which I think you should update immediately, are the ones regarding WebKit that allows arbitrary malicious code execution and in some cases stealing your sensitive user information, by just visiting a web page with Safari or reading a simple email message.
Apple devices are fairly secure but only if you keep them updated and install apps only from the App Store. Please do not jailbreak your device and/or install apps using some obscure procedure found on the web just to use for free some app that you usually pay. This is going to increase the risk of compromising the security of your Apple device.
If you need further information about the security content of iOS 15.3 and iPad OS 15.3 you can visit the official document by Apple. https://support.apple.com/en-us/HT213053
These are the official links about the security content for the other Apple devices:
- WatchOS 8.4 https://support.apple.com/en-us/HT213059
- MacOS 12.2 https://support.apple.com/en-us/HT213054
- tvOS 15.3 https://support.apple.com/en-us/HT213057