Apple has released two new minor updates for iOS and watchOS devices, and the company recommends that all users download iOS 14.4.2 and watchOS 7.3.3 as soon as possible.
In addition, Apple released a similar security update to iOS 12.5.2 for older devices, such as: iPhone 5S or iPhone 6, which cannot run iOS 14. Like iOS 14.4.1 and macOS 11.2.3 before them, they are both working to fix a vulnerability.
And unlike large software updates, which may bring some updated features, iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3 are now rolling out to fix an exploit of an active security vulnerability in the WebKit browser engine.
The vulnerability allows malicious websites to execute scripting across sites, allowing someone to obtain information from other webpages that you have opened on your device.
And Apple notes that it has at least one report about someone exploiting the vulnerability, and the company said: The threat may have been actively exploited, so it is not just a potential threat.
The threat, which has been corrected by the latest operating system update from Apple, is listed as CVE-2021-1879 and has been detailed for the first time by Clement Lecigne and Billy Leonard Billy Leonard of the Google Threat Analysis Group.
The vulnerability is described as a 0-Day exploit affecting a wide range of Apple devices, including the iPhone 6s and later, all iPad Pro models and Apple Watch Series 3 and later – basically any previous model of iPhone, iPad, Apple Watch and iPod Touch. .
The surprise release of iOS 14.4.2 is the latest in a series of urgent security fixes in recent weeks.
Cross-site scripting gives attackers multiple means to attack you, and this may include redirecting you to a phishing site or malicious site, performing cross-site actions on your behalf, or even obtaining information from your browsing session.
Given this is in WebKit, it could affect any website you visit, and it may also affect many applications.