Apple regularly releases new iOS updates that include new features. But usually there are also several security improvements. In fact, Apple regularly releases small bug fix updates that contain no new functions at all, but where only security vulnerabilities have been closed. It is therefore important to always keep your device up-to-date. This is also apparent today, because Apple recently solved a problem that allowed apps to retrieve personal data. This is stated in an updated support document on the Apple website.
Bug disclosed Apple ID information to malicious apps
The issue, reported by developer Steve Troughton-Smith (@stroughtonsmith), concerns your Apple ID data. It contains all kinds of personal data, such as e-mail address, telephone number, address and bank details. Due to a problem, malicious apps were able to retrieve some of this Apple ID personal information. The same also applies to search terms used in apps.
Apple has taken steps to close this leak. The sandbox, a kind of closed framework within which apps are allowed to function and extract information, has been further tightened for third-party apps. As a result, they can no longer access the personal data from your Apple ID. It is not clear what data malicious apps could access or whether this vulnerability was also exploited.
At the same time, there was also an issue where an app could bypass certain privacy preferences. This has also been addressed to prevent an app from using your location, for example, when you have not given permission for this.
The good news: it has already been fixed
The good news is that Apple solved both problems months ago. The fixes have been implemented in iOS 15, iPadOS 15 and watchOS 8, which were already released in September 2021. This means you are no longer in danger if you keep your device up-to-date. However, the situation with regard to users who are still on iOS 14 is not entirely clear. Apple makes no mention of these fixes in iOS 14.8.1's security notes, but it's also unclear whether users on older iOS 14 versions are still vulnerable.
It became clear this week that Apple is now advising everyone to update to the latest version of iOS 15. When iOS 15 was first available, it was still an optional update that gave users the choice to receive security updates for iOS 14 to get. iOS 14.8.1 is therefore the only security update that has been released since then. Since iOS 15.2, Apple no longer offers this version.