About the security content of iOS 15 and iPadOS 15
This document describes the security content of iOS 15 and iPadOS 15.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
iOS 15 and iPadOS 15
Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30838: proteas wang
bootp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2021-30928: Mickey Jin (@patch1t) of Trend Micro
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-spoofing models.
CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant Group Tianqiong Security Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to see private contact information
Description: The issue was addressed with improved permissions logic.
CVE-2021-30816: Atharv (@atharv0x0)
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to access photo metadata without needing permission to access photos
Description: The issue was addressed with improved authentication.
CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2021-30814: hjy79425575
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Manish Bhatt of Red Team X @Meta, Zweig of Kunlun Lab
libexpat
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version 2.4.1.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30819: Apple
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A VPN configuration may be installed by an app without user permission
Description: An authorization issue was addressed with improved state management.
CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-boccardo)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved state management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Privacy
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms
Description: An access issue was addressed with additional sandbox restrictions on third party applications.
CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)
Quick Look
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Previewing an html file attached to a note may unexpectedly contact remote servers
Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.
CVE-2021-30870: Saif Hamed Al Hinai Oman CERT
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to bypass Privacy preferences
Description: The issue was addressed with improved permissions logic.
CVE-2021-30925: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock screen
Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.
CVE-2021-30815: Anshraj Srivastava (@AnshrajSrivas14) of UKEF
Telephony
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An access issue was addressed with improved access restrictions.
CVE-2021-31001: Rajanish Pathak (@h4ckologic) and Hardik Mehta (@hardw00t)
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable integrity and ciphering protection
Description: A logic issue was addressed with improved state management.
CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST SysSec Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Turning off "Block all remote content" may not apply to all remote content types
Description: A logic issue was addressed with improved state management.
CVE-2021-31005: Jonathan Austin of Wells Fargo, Attila Soki
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2021-31008
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may exfiltrate data cross-origin
Description: An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented.
CVE-2021-30897: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may reveal a user's browsing history
Description: The issue was resolved with additional restrictions on CSS compositing.
CVE-2021-30884: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30809: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive user information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30930: Oguz Kırat, Matthias Keller (m-keller.com)
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state management.
CVE-2021-30810: Peter Scott
Additional recognition
Assets
We would like to acknowledge Cees Elzinga for their assistance.
Bluetooth
We would like to acknowledge Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.
bootp
We would like to acknowledge Alexander Burke of alexburke.ca for their assistance.
FaceTime
Mohammed Waqqas Kakangarai
File System
We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their assistance.
Kernel
We would like to acknowledge Joshua Baums of Informatik Baums for their assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit
We would like to acknowledge Jason Rendel of Diligent for their assistance.
WebKit
We would like to acknowledge Nikhil Mittal (@c0d3G33k) and an anonymous researcher for their assistance.
WebRTC
We would like to acknowledge Matthias Keller (m-keller.com) for their assistance.
Wi-Fi
We would like to acknowledge Peter Scott for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.