Apple fixed this in iOS 15.3 and above
This Safari bug leaked Google's personal data and was already fixed in the betas. Now it also applies to anyone with a suitable device. The leak could have put browser data in the wrong hands. But there is much more. The updates also fix an IOMobileFrameBugger issue that allowed malicious apps to execute arbitrary code accessing the kernel. Apple says this vulnerability may have been actively exploited. Bugs were also fixed with the Crash Reporter, giving attackers root privileges. A ColorSync leak allowed arbitrary code to be run through a specially prepared file, and an iCLoud bug may have allowed other apps to access a user's files.
Most bugs affect all three operating systems: iOS, iPadOS, and macOS. In addition, there are a few that were specific to the Mac and have been fixed in macOS 12.2. For example, there was a flaw in PackageKit, where apps could access protected files. Some Mac bugs were also fixed in a separately released security update for macOS Catalina and macOS Big Sur. So even with older macOS versions you are still safe.
No fix for iOS 14 users
However, that doesn't apply to people stuck on iOS 14. Apple promised that you won't be forced to switch to iOS 15 immediately upon release, but can stay on iOS 14 for the time being. That period now appears to have become very short: there are no more security updates for iOS 14. Apple has since confirmed this. All fixed bugs can be found in iOS 15.3.
All fixed vulnerabilities can be found on these pages:
- General security updates
- Security measures iOS 15.3 and iPadOS 15.3
- Securities in macOS 12.2
In iOS/iPadOS there are a total of 10 fixed vulnerabilities, in macOS there are 13. If applicable, Apple also credits the discoverers, including employees of Trend Micro, the Tencent security lab and the Mercedes Benz innovation lab.