Attackers may have actively exploited a new WebKit vulnerability on iOS and iPadOS, but Apple just released a patch to secure your iPhone and iPad from attacks.
The security fix comes via iOS 14.4.2 and iPadOS 14.4.2, both released Friday, March 26. These 18D70 builds come 18 days after iOS 14.4.1 and iPadOS 14.4.1, which introduced their own security patches. Since the WebKit vulnerability affects older devices, too, Apple also released iOS 12.5.2.
So what's the WebKit vulnerability? According to Apple, maliciously crafted web content that you load in a WebKit browser window could lead to universal cross-site scripting. Apple acknowledges that it may have been actively exploited, so it's important to update your device as soon as possible.
If you're a bit disappointed by the lack of new features in this update, don't be. First, security updates are great news since they fix attack vectors you likely didn't even know your iPhone had. Second, Apple is gearing up for a major update to come out soon, iOS 14.5, which will feature 217 new emoji, support for PS5 and Xbox Series X controllers, and over 40 other changes.
iOS 14.4.2 and iPadOS 14.4.2 Security Notes
WebKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
- Description: This issue was addressed by improved management of object lifetimes.
- CVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group
iOS 12.5.2 Security Notes
WebKit
- Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
- Description: This issue was addressed by improved management of object lifetimes.
- CVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group
To download this latest update, open the Settings app on your compatible iPhone, then head to General -> Software Updates. Allow the page to load, then follow the on-screen instructions to download and install the software.
Cover image and screenshots by Jake Peterson/Gadget Hacks