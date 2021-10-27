iOS | iPadOS 15.1 patched a ton of security flaws in the operating system. One of them involved a Lock Screen issue that let an attacker access your contacts with Siri.

iOS 15.1 Security Notes

Here are just a few of the security patches.

Siri

Available for : iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact : A local attacker may be able to view contacts from the lock screen

: A local attacker may be able to view contacts from the lock screen Description : A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.

: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. CVE-2021-30875: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology

Continuity Camera

: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact : A local attacker may be able to cause unexpected application termination or arbitrary code execution

: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description : This issue was addressed with improved checks.

: This issue was addressed with improved checks. CVE-2021-30903: an anonymous researcher

ColorSync

: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact : Processing a maliciously crafted image may lead to arbitrary code execution

: Processing a maliciously crafted image may lead to arbitrary code execution Description : A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

FileProvider