Skip to Main Content
Lifehacker Logo
Home Tech Apple

What's New in iOS 15.5

Apple is delivering updates to your iPhone and iPad! Here's what's different.
What's New in iOS 15.5
Credit: Tada Images - Shutterstock

For the first time in 46 days, Apple has released a new software update for both the iPhone and iPad. The new updates, iOS 15.5 and iPadOS 15.5, should be available on all compatible devices right now. Whether you’ve already updated, or whether you’re just learning about the update for the first time, here’s what you can expect.

Wallet now lets you send and receive money using Apple Cash Card

According to the release notes for the new software, there are four main changes to expect on iPhone, and two for iPad. First up, on iPhone, you’ll find that Wallet now lets you send and request money from your Apple Cash card (the digital card that accumulates the cash back from your Apple Card). This is a welcome extension to iMessage’s Apple Pay feature, which lets you send money to and request money from other iMessage users. Now, you should be able to do so from the Apple Cash card itself in Wallet, so you’ll know from the get-go how much Apple Cash money you have on hand.

iOS and iPadOS 15.5 patches 27 security vulnerabilities

Second, we have potentially the most important reason to update: security patches. Apple patched 27 security vulnerabilities with iOS and iPadOS 15.5, and, while not the subject of this article, fixed over 50 issues with macOS 12.4. Security vulnerabilities can leave your devices and the data stored on them in jeopardy if bad actors discover ways to exploit those security flaws, so it’s imperative to update when available. Here’s what iOS and iPadOS 15.5 fix:

AppleAVD

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: A use after free issue was addressed with improved memory management.

  • CVE-2022-26702: an anonymous researcher

AppleGraphicsControl

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: Processing a maliciously crafted image may lead to arbitrary code execution

  • Description: A memory corruption issue was addressed with improved input validation.

  • CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AVEVideoEncoder

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: An out-of-bounds write issue was addressed with improved bounds checking.

  • CVE-2022-26736: an anonymous researcher

  • CVE-2022-26737: an anonymous researcher

  • CVE-2022-26738: an anonymous researcher

  • CVE-2022-26739: an anonymous researcher

  • CVE-2022-26740: an anonymous researcher

DriverKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious application may be able to execute arbitrary code with system privileges

  • Description: An out-of-bounds access issue was addressed with improved bounds checking.

  • CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

GPU Drivers

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: A memory corruption issue was addressed with improved state management.

  • CVE-2022-26744: an anonymous researcher

ImageIO

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

  • Description: An integer overflow issue was addressed with improved input validation.

  • CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

IOKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: A race condition was addressed with improved locking.

  • CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: A memory corruption issue was addressed with improved state management.

  • CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious application may be able to execute arbitrary code with kernel privileges

  • Description: A memory corruption issue was addressed with improved state management.

  • CVE-2022-26771: an anonymous researcher

Kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: A memory corruption issue was addressed with improved validation.

  • CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

Kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An application may be able to execute arbitrary code with kernel privileges

  • Description: A use after free issue was addressed with improved memory management.

  • CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

  • Description: A memory corruption issue was addressed with improved validation.

  • CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

  • Description: A race condition was addressed with improved state handling.

  • CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A sandboxed process may be able to circumvent sandbox restrictions

  • Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

  • CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

  • Description: A use after free issue was addressed with improved memory management.

  • CVE-2022-23308

Notes

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: Processing a large input may lead to a denial of service

  • Description: This issue was addressed with improved checks.

  • CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal

Safari Private Browsing

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious website may be able to track users in Safari private browsing mode

  • Description: A logic issue was addressed with improved state management.

  • CVE-2022-26731: an anonymous researcher

Security

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious app may be able to bypass signature validation

  • Description: A certificate parsing issue was addressed with improved checks.

  • CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

Shortcuts

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

  • Description: An authorization issue was addressed with improved state management.

  • CVE-2022-26703: Salman Syed (@slmnsd551)

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: Processing maliciously crafted web content may lead to code execution

  • Description: A memory corruption issue was addressed with improved state management.

  • WebKit Bugzilla: 238178

  • CVE-2022-26700: ryuzaki

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  • Description: A use after free issue was addressed with improved memory management.

  • WebKit Bugzilla: 236950

  • CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

  • WebKit Bugzilla: 23747

  • CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

  • WebKit Bugzilla: 238171

  • CVE-2022-26717: Jeonghoon Shin of Theori

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution

  • Description: A memory corruption issue was addressed with improved state management.

  • WebKit Bugzilla: 238183

  • CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab

  • WebKit Bugzilla: 238699

  • CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call

  • Description: A logic issue in the handling of concurrent media was addressed with improved state handling.

  • WebKit Bugzilla: 237524

  • CVE-2022-22677: an anonymous researcher

Wi-Fi

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious application may disclose restricted memory

  • Description: A memory corruption issue was addressed with improved validation.

  • CVE-2022-26745: an anonymous researcher

Wi-Fi

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious application may be able to elevate privileges

  • Description: A memory corruption issue was addressed with improved state management.

  • CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team

Wi-Fi

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A remote attacker may be able to cause a denial of service

  • Description: This issue was addressed with improved checks.

  • CVE-2015-4142: Kostya Kortchinsky of Google Security Team

Wi-Fi

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

  • Impact: A malicious application may be able to execute arbitrary code with system privilegesDescription: A memory corruption issue was addressed with improved memory handling.

  • CVE-2022-26762: Wang Yu of Cyberserval

Podcasts now manages your downloads for you

Next, we have an update for Apple Podcasts. The company added a new setting in iOS 15.5 and iPadOS 15.5 that limits the number of episodes saved to your iPhone or iPad while automatically deleting older titles. This change is necessary, if not a bit late: Apple’s big Podcasts redesign last year made it all too common for settings to get scrambled, resulting in way too many episode saving to your device. Hard drives filled up, data management out the window: madness. Hopefully, this new update mitigates this issue somewhat.

iOS and iPadOS 15.5 fix some bugs with previous versions

Last up, we have an iPhone bug fix: Apple has fixed an issue where home automations might fail if they were triggered by people arriving or leaving. Walking into or leaving your home is a big sell for setting up home automations, as doing one or the other can allow you to automatically adjust things like lighting, air conditioning, and home security, so Apple squashing this bug is definitely a good thing.

Still, this update is undeniably minor. We aren’t getting new emoji, flashy new features, or major bug fixes for other issues you might be dealing with. Don’t fret: Apple is set to announce iOS 16 and iPadOS 16 at next month’s WWDC event, which will be sure to feature big changes to your iPhone and iPad. Or at least, more changes than 15.5 provides.

How to update your iPhone and iPad to 15.5

As of this writing, the update should be available on all compatible devices. That includes iPhone 6S and newer, iPod touch (7th generation), iPad (5th generation) and newer, iPad Air 2 and newer, iPad Pro mini 4 and newer, iPad Pro 12.9-inch (1st generation) and newer, iPad Pro 9.7-inch, iPad Pro 10.5-inch, and iPad Pro 11-inch (1st generation) and newer.

To update, head to Settings > General > Software Update, then wait for iOS or iPadOS to check for new software. When it appears, follow the on-screen instructions to download and install 15.5 to your device.

This post was updated on Tuesday, May 17 to report on Apple’s security patches.