Just about everything Apple makes got updates on Wednesday - updates of the bug squishing, security fixing kind. A site after my own heart, 9 to 5 Mac says Apple made iOS 15.3 available to users. I say it’s a site after my own heart because Apple actually released both iOS and iPadOS 15.3, a point the text of the article makes clear. They only mention the iOS update in the headline though. I assume that’s because they know - as do we all - that they’re really still the same operating system. But let’s not argue.
Apple’s release notes for iOS 15.3 and - okay, fine - iPadOS 15.3 say it’s a bug squishing, security fixing affair. Actually they say, “iOS 15.3 includes bug fixes and security updates for your iPhone (or iPad in the case of iPadOS) and is recommended for all users.”
Probably the most prominent fix was the one tied to the IndexDB/Safari data leak issue. We talked about this one last week. What we heard then was that “WebKit's implementation of a JavaScript API called IndexDB” could reveal a user's recent browsing history and even their identity. A piece from MacRumors described it, saying:
The bug allows any website that uses IndexDB for client-side data storage to access the names of IndexDB databases generated by other websites during a user's browsing session.
Install this week’s updates and you can change that “allows” to “allowed.” Apple’s security notes for the iOS/iPadOS release say that without the patch, “A website may be able to track sensitive user information.” With the patch, “A cross-origin issue in the IndexDB API was addressed with improved input validation.”
While the WebKit data-leaking IndexDB thing may get the most attention, it wasn’t the only serious flaw addressed. Apple’s release notes say it’s heard word that an issue tied to IOMobileFrameBuffer “may have been actively exploited.” Unpatched, the notes say “A malicious application may be able to execute arbitrary code with kernel privileges.”
Kernel Privileges, Major Pain. And I believe you both know General Mayhem.
At ease.
If those two fixes aren’t reason enough to update, iOSPadOS 15.3 patches eight more security vulnerabilities. Both updates are free. Each is available now in Settings on a given iPad, iPhone, and (one assumes) iPod touch.