Apple this week is rolling out a key iOS update plugging an important vulnerability in the underlying software of iPhones and iPads worldwide. At the same time, more security updates are being rolled out to Mac, Apple TV and Apple Watch users.
iOS 15.2 packs over three dozen security fixes, chief among them a patch for a kernel vulnerability that earned researchers at Kunlun Lab $300,000 for its remote jailbreak capabilities.
Tracked as CVE-2021-30955, the flaw can be exploited to let a rogue app “execute arbitrary code with kernel privileges.” The Cupertino tech giant credits Zweig of Kunlun Lab for discovering and reporting the flaw.
The bug is notably present in current versions of macOS. An update for Mac users is also available to squash this bug – and many others – in macOS Monterey 12.1.
tvOS 15.2 and watchOS 8.3 are also rolling out with fixes for their respective hardware.
Back on the iOS front, it’s important to note that iOS 15.2 addresses not just the aforementioned jailbreak bug, but many others scattered through different components making up the iPhone/iPad operating system.
For instance, the update patches a flaw in Password Manager that, if exploited, can enable an attacker with physical access to an iOS device to read stored passwords without authentication, according to the advisory.
As always, it’s important to apply these security fixes as soon as you get a chance. iOS has been notoriously buggy in recent years, especially in the zero-day-zero-click department, which prompted Apple to take legal action against those exploiting these flaws to deploy spyware.