On Friday, I received my iPhone 13 Pro Max, which I am really enjoying. Yesterday, while out and about, I happened to check Software Update and noticed that Apple had released an iOS 15.0 update with build number 19A346.
In the above screen captures, you can see iOS 15.0 as shipped on iPhone 13 Pro Max (left) and iOS 15.0 on the same iPhone 13 after updating (right). The release notes did not say much other than it was a security update.
“This update provides important security updates and fixes an issue where widgets may revert to their default settings after restoring from a backup.”
As of the time of this post, the Apple Security Updates page linked from the release notes had not yet been updated with the details of iOS 15.0 19A346.
However, a piece by Jim Salter writing for Ars Technica may shed some light on what’s going on.
“[A] security researcher who goes by illusionofchaos dropped public notice of three zero-day vulnerabilities in Apple’s iOS mobile operating system. The vulnerability disclosures are mixed in with the researcher’s frustration with Apple’s Security Bounty program, which illusionofchaos says chose to cover up an earlier-reported bug without giving them credit.”
Apple has received criticism in the past for being slow to acknowledge bugs reported by security researchers. And, when vulnerabilities are confirmed, Apple can be equally slow to credit researchers and provide payouts as part of the company’s Security Bounty program.
According to Salter, the security researcher, who goes by the name of illusionofchaos, has posted example code of how the exploits work, meaning that a nefarious programmer can use the code to whip up a new malware attack against iOS devices.
My suggestion is that anyone who is running iOS 15.0 check Settings > Software Update for iOS 15.0 (19A346) and install it as soon as reasonably possible.
Interestingly, the same update was not available for my 10.5-inch iPad Pro or my iPhone XR running the iOS 15.1 Public Beta.