With the release of iOS 15, Apple fixed two dangerous security vulnerabilities that could have exposed users’ private Apple ID information and in-app search history.
As confirmed by Apple itself, this information could have been sent to malicious third-party apps and allowed those apps to override users’ privacy preferences.
As often happens with the release of iOS, macOS, tvOS and watchOS updates, Apple provides an initial list of fixed security vulnerabilities which is then updated later, once the investigation is complete on a specific vulnerability that does not appear. not yet on the list.
This latest exploit was discovered by developer Steve Troughton-Smith, whom Apple credited for helping fix the vulnerability. Specifically, this flaw would have allowed an attacker to access certain private information from a user’s Apple ID and read the search history within the app. Apple does not say if this exploit was actually exploited before the release of the patch.