Apple released iOS 14.4.2, iPadOS 14.4.2, iOS 12.5.2 and watchOS 7.3.3 on Friday, which fixes a critical security vulnerability in the WebKit that may have been actively exploited.
According to the release notes, the latest security update fixes a WebKit issue (CVE-2021-1879) that potentially allowed “universal cross-site scripting”. The vulnerability was discovered by Clement Lecigne and Billy Leonard of Google Threat Analysis Group.
As mentioned above, Apple is aware that the security issue may have been actively exploited in the wild.
The update is Apple’s second security patch for WebKit this month. Apple’s last iOS 14.4.1 update, released on March 8, 2021, also fixed a WebKit security issue that could lead to arbitrary code execution (CVE-2021-1844). Google Threat Analysis Group’s Lecigne and Leonard discovered this vulnerability too.
The iOS 14.4.2 update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, 5th-gen iPad and later, iPad Mini 4 and later, and 7th-gen iPod Touch.
Apple also released a security update for iOS 12 (12.5.2) to patch older devices, including iPhone 6, iPhone 5s, 3rd-gen iPad Mini, 1st-gen iPad Air and 6th-gen iPod Touch.
The Apple Watch update (watchOS 7.3.3) will be available for Apple Watch Series 3 and later.
To update, it’s recommended that you backup your data before updating, then go to the Settings app, head over to General, tap on Software Update on the next window and once your supported device is done searching for the update, you’ll find Download and Install at the bottom of the display. Tap on it and your iOS device will start updating. Also, remember to charge your device completely before updating or update while charging the device to ensure that the update doesn’t get hindered.