While Apple does a solid enough job of detailing most of the new features baked into software updates, there are typically some elements that miss the big unveilings (or even the press releases soon after). And some aren’t necessarily meant to see the bright lights of a stage at all. Instead, they are buried within documentation. But that doesn’t make them any less important.
Take, for example, Apple’s new security documentation regarding the iOS 15 and iPadOS 15 software updates. We don’t hear about vulnerabilities tied to Face ID all that often — if ever. But it turns out there was a vulnerability related to the biometric security measure, which Apple has gone to great lengths to fix.
The documentation says that, if someone wanted to, they could build a 3D model of a particular iPhone owner’s head. If that model were detailed enough, it could be used to spoof Face ID and therefore grant access to the device. This fix is available for all iPhone models equipped with Face ID.
Which Apple breaks down in the documentation as such:
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-spoofing models.
CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab
The security documentation lists several different exploits that Apple has patched in one way or another. And, more than that, the documentation shows that none of these exploits were utilized in the wild. Which is good news. But, it’s important to patch these issues as soon as possible, even if they might not be being actively exploited at the moment.