Every time that Apple updates the iPhone operating system, Apple includes some security updates. Sometimes a security update is important enough that Apple will release a .x.1 update just for that security issue, such as an update from iOS 15.1.1 to iOS 15.1.2. Rarely, a security update is important enough that Apple labels it with a .1 update, and that happened yesterday when Apple introduced iOS 15.3.
There are no new features in iOS 15.3. Instead, the update addresses ten security issues, identified by Apple on this page. The most dangerous one seems to be the last one listed on that page, which Apple says could be exploited by a website to track sensitive user information. For more information, you can go straight to the source. Apple gives credit to Martin Bajanik of FingerprintJS for finding that bug, and on Bajanik’s website you can read all about this flaw. In short, if you were logged into a Google account and had multiple tabs open in Safari, a malicious website open in one tab could learn information about some of the websites that you were viewing in other tabs. And in some cases, Bajanik says that “authenticated users can be uniquely and precisely identified.” Obviously, that’s an undesirable invasion of your privacy.
Apple has now fixed this issue in all of its products that can load a website. You can download iOS 15.3 on the iPhone, iPadOS 15.3 for the iPad, macOS 12.2 on the Mac, watchOS 8.4 on the Apple Watch, and tvOS 15.3 on the Apple TV. Apple also released HomePod update 15.3 yesterday; I’m not yet sure what security updates were included with that update.