iOS 15.1 Patched a Siri Bug That Let Someone View Your Contacts

iOS 15.1 security notes

iOS | iPadOS 15.1 patched a ton of security flaws in the operating system. One of them involved a Lock Screen issue that let an attacker access your contacts with Siri.

iOS 15.1 Security Notes

Here are just a few of the security patches.

Siri

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A local attacker may be able to view contacts from the lock screen
  • Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.
  • CVE-2021-30875: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology

Continuity Camera

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2021-30903: an anonymous researcher

ColorSync

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
  • Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.
  • CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

FileProvider

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
  • Description: An input validation issue was addressed with improved memory handling.
  • CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments