Issued Apple has two new minor updates for iOS and watchOS devices, and the company recommends that all users download iOS 14.4.2 and watchOS 7.3.3 as soon as possible.
In addition, Apple released a similar security update to iOS 12.5.2 for older devices, such as the iPhone 5S or iPhone 6, which cannot run iOS 14.
Like iOS 14.4.1 and macOS 11.2.3 before them, they are both working to fix a vulnerability.
And unlike large software updates, which may bring some updated features, iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3 are now rolling out to fix an exploit of an active security vulnerability in the WebKit browser engine.
The vulnerability allows malicious websites to execute cross-site scripting, enabling the Someone can obtain information from other webpages that you have opened via your device.
And Apple notes that it has at least one report on someone exploiting the vulnerability. The company said: The threat may have been actively exploited, so it is not just a potential threat.
The threat, which has been corrected with the latest OS updates from Apple, is listed as CVE-2021-1879 It was detailed for the first time by (Clement Lecigne) and (Billy Leonard) Billy Leonard of the Google Threat Analysis Group.
The vulnerability is described as a 0-Day exploit affecting a wide range of Apple devices, including the iPhone 6s and later, all iPad Pro models and Apple Watch Series 3 and later – basically any previous model of iPhone, iPad, Apple Watch and iPod Touch. .
According to Apple, this update provides important security updates and is recommended for all users.
The surprise release of iOS 14.4.2 is the latest in a series of urgent security fixes in recent weeks.
Cross-site scripting gives attackers multiple means to attack you, and this may include redirecting you to a phishing site or malicious site, performing cross-site actions on your behalf, or even obtaining information from your browsing session.
Given this is in WebKit, it could affect any website you visit, and it may also affect multiple apps.