Date: 2021-10-27
iOS | iPadOS 15.1 patched a ton of security flaws in the operating system. One of them involved a Lock Screen issue that let an attacker access your contacts with Siri.
iOS 15.1 Security Notes
Here are just a few of the security patches.
Siri
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A local attacker may be able to view contacts from the lock screen
- Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.
- CVE-2021-30875: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology
Continuity Camera
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: This issue was addressed with improved checks.
- CVE-2021-30903: an anonymous researcher
ColorSync
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.
- CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero
FileProvider
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
- Description: An input validation issue was addressed with improved memory handling.
- CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360