This issue is addressed with improved memory handling. Access Control may be bypassed by certain malicous actors with ease. This issue is fixed in iOS 15.6, watchOS 8.7, and macOS High Sierra 10.3. Access Control may be bypassed by certain malicous actors with ease. This issue is fixed in iOS 15.6, watchOS 8.7, and macOS High Sierra 10.3. An issue where a maliciously crafted APK could be installed by a user via a malicious third-party app was addressed with improved app installation verification.
An issue where a maliciously crafted app could be installed via a malicious third-party app was addressed with improved app installation verification. An issue where a malicious app could install another malicious app with root privileges via a malicious third-party app was addressed with improved app installation verification. The issue where a malicious app could install another malicious app with root privileges via a malicious third-party app was addressed with improved app installation verification. An issue where sensitive information such as email addresses or authentication tokens could be displayed to a user via a malicious third-party app was addressed with improved input validation. This issue did not affect all users, but affected more users as the third-party app developers continually added more functionality
How to address this issue
In iOS 9.3, watchOS 3.2, and macOS 10.12.2, users of third-party apps that have been updated to be compatible with the latest versions of iOS, watchOS or macOS will automatically be protected from these malicious apps.
To address this issue in iOS 9.3, watchOS 3.2, and macOS 10.12.2:
Finding sensitive information in iOS apps
This issue did not affect all users, but affected more users as the third-party app developers continually added more functionality.
Timeline
Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 19:32:00 UTC