Apple today released iOS 15.3 and iPadOS 15.3, its third major updates for iOS and iPadOS 15 operating systems released in September 2021. iOS and iPadOS 15.3 came almost two weeks after the release of iOS and iPadOS 15.2.1.
iOS 15.3 features
iOS 15.3 and iPadOS 15.3 updates are available for free download. All you have to do is go to Settings > General > Software Update from your iPhone or iPad and check and download new software.
iOS 15.3 specifically fixes 10 major security bugs, including a bug from Safari web browsing leak that could grant malicious apps access to root privileges and more.
Here are 10 major bugs fixed with iOS 15.3:
- ColorSync
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary code execution.
Description: A memory corruption issue was addressed with improved validation.
- Bug Reporter
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may gain root privileges.
Description: A logic issue was addressed with improved validation.
- iCloud
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to access a user’s files.
Description: An issue existed in the path validation logic for symbolic links. This issue was addressed through improved path cleaning.
- IOMobileFrameBuffer
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple was aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved input validation.
- kernel
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges.
Description: A buffer overflow was addressed with improved memory handling.
- Model I/O
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
Description: An information disclosure issue was addressed with improved state management.
- WebKit
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted mail message may lead to arbitrary javascript execution.
Description: A validation issue was addressed with improved input cleanup.
- WebKit
Devices affected: Phone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: An after-free usage issue was addressed with improved memory management.
- WebKit
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may prevent the implementation of the Content Security Policy.
Description: A logic issue was addressed with improved state management.
- WebKit Storage
Devices affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A website may be able to monitor sensitive user information.
Description: A cross-origin issue was addressed in the IndexDB API with improved input validation.
20506
