
Apple Releases iOS 15.7.1 and iPadOS 15.7.1 to Fix Security Vulnerabilities on Older Devices

Apple has released iOS 15.7.1 and iPadOS 15.7.1 to fix 17 security vulnerabilities on older devices that either aren’t yet running or don’t support iOS 16 and iPadOS 16. The new versions have no new features or other bug fixes but address vulnerabilities…

  • …in the Apple Neural Engine, graphics driver, image processing code, and kernel that allowed arbitrary code execution with kernel privileges.
  • …that allowed a maliciously crafted audio or USD file to leak private information.
  • …in Safari that let attackers steal personal information.
  • …that enabled a malicious Wi-Fi network to initiate a denial-of-service attack.

Since Apple says that one of the fixed vulnerabilities is actively being exploited in the wild, if you haven’t yet upgraded to iOS 16 or iPadOS 16, or you’re using older devices that can’t upgrade, you should install these updates as soon as possible from Settings > General > Software Update.

Comments About Apple Releases iOS 15.7.1 and iPadOS 15.7.1 to Fix Security Vulnerabilities on Older Devices

Notable Replies

  1. Josh,
    Good day to you sir!

    Did Apple change the backup process of an iPhone to a Mac by adding a requirement to enter the password on the iPhone before the backup can begin?

    Or maybe TidBITS knows a way to make this requirement go away?

    Sincerely,

    Lee

  2. Yes. Since 15.7.1 I’m seeing that I have to authenticate my iPhone before it backs up. Even over wifi. :roll_eyes: Hope this will eventually go away again, or at least become a user setting.

  3. Simon,

    Thank you. NOT going crazy! I thought I had screwed up some setting therefore getting this alert. It is a PITA as I back up each time I sync.

    Thank you again
    Lee

  4. Yes, same problem here. I have it set up to sync over wifi when I plug it in before going to bed. That triggers a backup too (as it should).

    But now instead of just plugging it in, I also have to authenticate for any of this backing up and syncing to actually take place.

    What I find particularly annoying is that it requires me to type in the password even if the iPhone is already “on” (via FaceID auth). I’m already authorized, so why in the heck should I be authenticating again? Ugh. :man_facepalming:

    If I had known about this change I would have held off on the update. But once again, not a single report on this update I read anywhere online pointed this out. Waiting for those reports to come in was the reason I held off on updating a couple days in the first place despite all the usual “super important security updates, exploits in the wild, update ASAP or your cat will die” drama.

    Online reports on these updates have really become mediocre. And this despite all the betas and public betas and yada. Not that good reports would somehow absolve Apple of properly documenting with actual quality release notes in the first place, especially when they feel like changing workflows.

    I’m starting to rethink when to update Apple software regardless of what all the “experts” are suggesting. I’m starting to think that unless there is a bug that is a problem to me personally and I have 100% confirmation that the update will remove it, I will not update and risk breaking something else. That does indeed suck because it also means missing security updates. But this combination of Apple not warning about changes in workflow (lack of detailed update description) along with their lately very shoddy software quality control leading to new bugs with nearly every “update” is really starting to get to me.

  5. This sort of thing is super frustrating. We tend to encourage moderately conservative updating practices except when a security fix addresses a vulnerability that’s being exploited in the wild. But if people generally adopt a conservative approach, fewer people will have a chance to discover bugs like this and report them, such that waiting even longer will become necessary for everyone else.

    It does seem that connecting iPhones and iPads directly to Macs is becoming an edge case such that Apple isn’t paying as much attention to it. Which is a shame, given that otherwise you pretty much have to pay for iCloud+ storage.

  6. blm

    Curious. I updated my iPhone (first 2nd gen SE) and iPad (6th gen) to 15.7.1 a couple of days ago and haven’t been asked to authenticate, even though they’re frequently plugged into my iMac, where I can see them in iTunes (my iMac is still running Mojave), and they back up to iCloud, which they’ve each done at least once. So it’s not universal, but I agree, it would be extremely annoying. I’m glad whatever the bug is skipped me…

  7. This issue pertains to backing up to a Mac, not iCloud. But it’s an iOS issue, not iTunes (interference with iMazing has already been reported)

  8. I can understand being uncomfortable with having your data backed up to the cloud rather than your own device. I agree that Apple should have a larger free iCloud storage tier. However, the cost for 50GB is only $1 per month ($12/year). If you are not using your iCloud storage for other large data sets, your backups should comfortably fit in 50GB. The backup does not include the full contents of your iPhone, but only content that can’t be loaded from other sources. For example, my iPhone claims that it uses about 95GB of internal storage, but the iCloud backup is about 4GB. My iPad using 111GB internally backs up to 14GB.

    I use Apple Photo Sharing and Apple Music, so that no photos stored on the device and very little music are directly backed up. If you have a lot of photos or media on your phone that are not otherwise available via Apple Music (not counted as iCloud storage) or Apple iCloud photos (included in your iCloud storage), then your backups will need to include them.

  9. I can see this as a security feature. Malicious USB connections are known to exist - you plug your USB cable into a “charge port” at a public location, and without your being aware, some server at the other end of that port is downloading your phone.

    Preventing USB access after the phone has been locked for a few minutes (added many iOS releases ago) was one fix for this. I think blocking backups without authentication is another important step to protect against this, because people often plug into chargers while they are using the phone (in other words, when it is unlocked). So this will mean that something trying to download the phone’s content will cause that popup to appear and (hopefully) you will realize that something strange is going on, allowing you to disconnect before any data has been compromised.

    Of course, the real “fix” here is to not plug into a USB port that isn’t connected to a device you control. When on the go, carry a small charger brick and plug into a power outlet instead of into a USB port.

  10. The problem is that this should not pertain to pre-authorized automated backups over WiFi, which is what the reports seem to be indicating is affected.

    That is, I have already authorized my iPhone to periodically back up wirelessly to my Mac when they are on the same local WiFi network. The trigger for this backup may be plugging the device in, but the backup doesn’t actually take place over that cable, because the cable isn’t necessarily connected to the Mac that’s authorized.

    If I understand the reports correctly, that’s what’s frustrating people here—you shouldn’t have to repeatedly authorize backing up to a known device over a known WiFi network. If the authorization protocol is sufficiently secure, authorizing my iPhone to automatically back up wirelessly to my Mac should be a one-time thing (maybe needing refreshing periodically or if a certain amount of time has passed since the devices last connected), not an every-time necessity.

    I can absolutely see requiring authorization for backups over a cable to a not-yet-authorized device—which the existing setup already took care of. This new behavior doesn’t seem to serve any useful purpose, which means it’s most likely a bug, not a feature.

    Since my devices back up automatically over WiFi to iMazing daily, whether plugged in or not, I’m not going to move up to 15.7.1. I don’t need that headache. (Both my iPhone and iPad are too old for iOS/iPadOS 16, and I simply can’t afford to replace them right now.)

  11. That’s exactly right.

    This has nothing to do with plugging in to some random USB port.

    We’re talking about initiating a backup & sync between an already authenticated iPhone and a previously authenticated Mac. And it’s not just affecting USB, it’s wifi too, which makes it even more nonsensical.
