iOS 15.7.2 and iPadOS 15.7.2 Block Exploited Security Vulnerability
The recent release of iOS 16.1.2 was odd in that it wasn’t accompanied by updates to any other Apple operating systems, the changes were fairly minor, and Apple delayed releasing its security notes (see “iOS 16.1.2 Optimizes Crash Detection, Improves Wireless Carrier Compatibility,” 7 December 2022). Now we know why Apple hurriedly pushed it out on its own with little fanfare—iOS 16.1.2 blocked a WebKit vulnerability that has been actively exploited in the wild, allowing malicious Web content to lead to arbitrary code execution. It turns out that the vulnerability also afflicted most of Apple’s other operating systems, including older versions of iOS and macOS.
Apple has now eliminated the vulnerability in all its current operating systems (see “Apple Releases iOS 16.2, iPadOS 16.2, macOS 13.1 Ventura, watchOS 9.2, and tvOS 16.2,” 13 December 2022), in the last two versions of macOS (see “Safari 16.2,” 13 December 2022) and finally, in iOS 15, with the release of iOS 15.7.2 and iPadOS 15.7.2.
If you’re still running iOS 15 on an older device that can’t upgrade to iOS 16 or iPadOS 16, we strongly encourage you to update to iOS 15.7.2 or iPadOS 15.7.2 right away. You can find it, as usual, in Settings > General > Software Update.
However, if you’ve been holding off upgrading an iPhone compatible with iOS 16, note that Apple is no longer allowing such iPhones to remain on the iOS 15 track. In that case, you’ll have to stick with version 15.7.1 or upgrade to 16.2. However, likely because iPadOS 16 shipped well after iOS 16, iPadOS 15 users can still upgrade to iPadOS 15.7.2 and won’t be forced to jump to iPadOS 16.2. (But it’s only a matter of time.)
I’ve read elsewhere - and can now confirm from my wife’s phone - that phones that can run iOS 16 that are still on iOS 15.7 or 15.7.1 will not be able to update to 15.7.2. Now it’s only offering 16.2 as an update.
Thanks for that detail—I don’t have any such devices anymore. Updating the article…
A further correction is needed: iPads supported by iPadOS 16 but still running iPadOS 15 or earlier are able to update to iPadOS 15.7.2. Software Update offers 15.7.2 by default with 16.2 as an option.
This only applies if you do software updates via Settings on the iPad. If you use iTunes/Finder to install updates (including restoring devices) it only offers iPadOS 16.2 for these models.
iPhones supported by iOS 16 are indeed only being offered iOS 16.2 - the iOS 15.7.2 update is only available for older iPhone and iPod Touch models limited to iOS 15.
I can confirm this because I’ve kept a few devices able to run iOS 16 or iPadOS 16 on version 15 for testing.
I can confirm @dempson info.
Four devices: two iPads currently running iPadOS 15 and two iPhones currently running iOS 15.
Gah! Thanks for the details, @dempson and @david_blanchard. Davids to the rescue…
My guess is that Apple is giving iPad owners a little longer because iPadOS 16 didn’t ship at the same time as iOS 16.
I am having a strange problem trying to update my older 9.7" iPad Pro (iPad 6,3). I can download the update, but when I click “Install Now” I get an error message saying “Unable to Verify Update iPadOS 15.7.2 failed verification because you are no longer connected to the internet.” Of course I AM connected to the internet as I am able to browse the web, check my email etc. I have tried on different WiFi networks and even tethered to my iPhone’s cellular connection. I tried turning Airplane Mode on then off, and turning WiFi off then on. I restarted the iPad. I keep getting the same error. Has anybody encountered this problem and come up with a solution?
I’d try deleting the update (it should be Settings / General / iPad Storage; wait for it to update; in the list, hopefully you’ll find the update file, tap it, and delete it). The restart the iPad and either try the update on the iPad itself, or attach it to a computer running iTunes (or a post-Mojave Mac on the Finder) and run the update from there.
Well it gets weirder. Deleting and redownloading the update led to the same error. So I tried doing the update from my computer. The first time I tried, it gave the exact same error but on the computer this time. So I tried again and now I get a message saying that 15.7.1 is already the latest update. Clearly this needs more investigating.
I did upgrade my iPhone 12 mini to 15.7.2 recently, only to find a serious annoyance. I have iMazing set up to automatically backup my phone over wifi each day. It was very convenient and totally automatic. With 15.7.2, this can no longer happen. I have to enter the phone’s PIN every time iMazing tries to do a backup. It will not even use Face ID - it has to be the PIN. iMazing tech support says this is a change Apple made with no way around having to enter the PIN.
I have been holding off upgrading my iPad for this reason.
Yep, it sucks. We’ve had two threads on it already.
Join the discussion in the TidBITS Discourse forum