Apple on Monday quietly announced that iOS 15 includes a number of security improvements including enhancements to Face ID's anti-spoofing models.
According to a support document published to coincide with the release of iOS 15, Apple has addressed a Face ID vulnerability in which a 3D model might be used to gain access to certain iPhone and iPad Pro models.
As discovered by Wish Wu of Ant Financial's Light-Year Security Lab, previous iterations of Face ID could be tricked into authenticating a 3D model "constructed to look like the enrolled user." Apple rectified the potential security issue by updating Face ID anti-spoofing models.
Wu made headlines in 2019 for reportedly uncovering a similar Face ID hack that supposedly defeated the system with a black-and-white printed image and "some tape." He was poised to present a report on the matter at the Black Hat Asia conference that year, but withdrew after Ant discovered inconsistencies with the findings.
The Face ID vulnerability patched today appears to be a separate issue first reported in August.
Also included in iOS 15 are fixes for CoreML, Apple's Neural Engine, memory handling, dfont, a kernel issue and a handful of WebKit bugs, some of which could allow malicious actors to execute arbitrary code on a target device.