AppleがiPhoneなど向けiOS 15.4とiPadOS 15.4をリリース! |
Appleは14日(現地時間)、iPhoneおよびiPod touch向けプラットフォーム「iOS」とiPad向けプラットフォーム「iPadOS」の最新バージョン「iOS 15.4(19E241)」および「iPadOS 15.4(19E241)」を提供開始したとお知らせしています。なお、3月18日(金)に発売されるiPhone 13シリーズの新色やiPhone SE(第3世代)、iPad Air(第5世代)はiOS 15.4またはiPadOS 15.4がプリインストールされています。
変更点はiPhone 12シリーズ以降で顔認証「Face ID」にてマスクを着用したまま認証できるようになるほか、新しい絵文字が追加されたり、SharePlayのセッションを対応アプリから直接開始できるオプションが追加されるなどし、iPadではユニバーサルコントロールによって1組のマウスとキーボードでiPadとMacの両方を操作可能になっています。その他、新機能追加および不具合修正、セキュリティー改善なども実施されているとのこと。
対象機種はiOS 15およびiPadOS 15の対象機種である「iPhone 13」シリーズや「iPad(第9世代)」および「iPad mini(第6世代)」を含むiPhone 6s以降およびiPod touch(第7世代)、iPad(第5世代)・iPad Air 2・iPad mini 4・iPad Pro以降の各製品にて無料で更新可能です。
その他、スマートウォッチ「Apple Watch」向け「watchOS」の最新バージョン「watchOS 8.5(19T242)」やスマートテレビ「Apple TV」向け「tvOS」の最新バージョン「tvOS 15.4(19L440)」、パソコン「Mac」向け「macOS」の最新バージョン「macOS 12.3(21E230)」なども提供開始されています。
iPhoneやiPod touch向けのiOS、iPad向けのiPadOSの最新メジャーバージョンとして現地時間9月20日に提供が開始されたiOS 15およびiPadOS 15ですが、その後、各種の新機能が追加されたiOS 15.1・iPadOS 15.1およびiOS 15.2・iPadOS 15.2、iOS 15.2・iPadOS 15.3が提供開始されていましたが、今回、新機能追加などが行われるiOS 15.4およびiPadOS 15.4が提供開始されました。
なお、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 13 Pro MaxでiOS 15.3.1からだと1.34GBとなっており、ファイルサイズは大きめとなっています。Appleが案内しているiOS 15.4およびiPadOS 15.4の更新内容と修正された脆弱性については以下の通りとなっています。
iOS 15.4
iOS 15.4では、iPhone 12以降を対象に、マスクを着用したままFace IDでロックを解除できる機能が追加されます。このアップデートには、新しい絵文字のほか、SharePlayのセッションを対応Appから直接開始できるオプションが追加され、iPhone用のその他の機能およびバグ修正も含まれます。
Face ID
・iPhone 12以降で、マスクを着用したままFace IDを使用できるオプション
・Apple Pay、およびSafariとApp内のパスワード自動入力で、マスクを着用したままFace IDを使用可能
・iPhone XS、iPhone XR、iPhone 11以降では、オフラインの間もSiriが日付と時刻の情報を応答可能
・Podcast Appにエピソードフィルタが追加され、シーズンや再生済み、未再生、保存済み、またはダウンロード済みのエピソードを絞り込み可能
・“拡大鏡”のクローズアップ機能で、iPhone 13 ProとiPhone 13 Pro Maxの超広角カメラを使用して小さなものを見やすくすることが可能
・“ブック” App内で“画面の読み上げ”のアクセシビリティ機能が予期せず終了する場合がある問題
iPadOS 15.4
iPadOS 15.4にはユニバーサルコントロールが追加され、1組のマウスとキーボードでiPadとMacの両方を操作できます。新しい絵文字のほか、SharePlayのセッションを対応Appから直接開始できるオプションが含まれます。このアップデートにはその他の新機能およびiPad用のバグ修正も含まれます。
・A12Z Bionic以降を搭載したiPad Proでは、オフラインの間もSiriが日付と時刻の情報を応答可能
・iPad(第5世代以降)、iPad mini(第4世代と第5世代)、iPad Air 2、iPad Air(第3世代と第4世代)、およびiPad Proで、音量コントロールをiPadの向きに合わせて調整されるように設定可能
・Podcast Appにエピソードフィルタが追加され、シーズンや再生済み、未再生、保存済み、またはダウンロード済みのエピソードを絞り込み可能
・“ブック” App内で“画面の読み上げ”のアクセシビリティ機能が予期せず終了する場合がある問題
iOS 15.4 and iPadOS 15.4
- Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-22633: an anonymous researcher
- AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2022-22634: an anonymous researcher
- AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22635: an anonymous researcher
- AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22636: an anonymous researcher
- Cellular
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access may be able to view and modify the carrier account information and settings from the lock screen
Description: The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel.
CVE-2022-22652: Kağan Eğlence (
- CoreMedia
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to learn information about the current camera view before being granted camera access
Description: An issue with app access to camera metadata was addressed with improved logic.
CVE-2022-22598: Will Blaschko of Team Quasko
- FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode prompt
Description: This issue was addressed with improved checks.
CVE-2022-22642: Yicong Ding (@AntonioDing)
- FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may send audio and video in a FaceTime call without knowing that they have done so
Description: This issue was addressed with improved checks.
CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
- GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22667: Justin Sherman of the University of Maryland, Baltimore County
- ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2022-22611: Xingyu Jin of Google
- ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2022-22612: Xingyu Jin of Google
- IOGPUFamily
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22641: Mohamed Ghannam (@_simo36)
- iTunes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access information about the user and their devices
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22653: Aymeric Chaib of CERT Banque de France
- Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-22596: an anonymous researcher
CVE-2022-22640: sqrtpwn
- Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22613: Alex, an anonymous researcher
- Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher
- Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2022-22632: Keegan Saunders
- Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A null pointer dereference was addressed with improved validation.
CVE-2022-22638: derrek (@derrekr6)
- libarchive
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.
- Markup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22622: Ingyu Lim (@_kanarena)
- MediaRemote
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to identify what other applications a user has installed
Description: An access issue was addressed with improved access restrictions.
CVE-2022-22670: Brandon Azad
- NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2022-22659: an anonymous researcher
- Phone
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode prompt
Description: This issue was addressed with improved checks.
CVE-2022-22618: Yicong Ding (@AntonioDing)
- Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to read other applications' settings
Description: The issue was addressed with additional permissions checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (
- Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
- Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (
- SoftwareUpdate
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state management.
CVE-2022-22639: Mickey (@patch1t)
- UIKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt
- VoiceOver
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
Description: An authentication issue was addressed with improved state management.
CVE-2022-22671: videosdebarraquito
- WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A cookie management issue was addressed with improved state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
- WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
- WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
- WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
- WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may cause unexpected cross-origin behavior
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google
- Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22668: MrPhil17
・エスマックス(S-MAX) smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 15 関連記事一覧 - S-MAX
・iPadOS 15 関連記事一覧 - S-MAX
・iOS 15 のアップデートについて - Apple サポート (日本)
・iPadOS 15 のアップデートについて - Apple サポート (日本)
・iOS 15.4 および iPadOS 15.4 のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート