Apple release iPhone and iPad security update for "actively exploited" universal cross site scripting flaw
1 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Apple has released an urgent security update for iOS and iPad OS which takes the operating systems to 14.4.2 and 14.4.2 respectively.
The update is to address a security flaw in webkit which would allow a website to read data from other websites in your browser. Apple says they believe the flaw is already being actively exploited, meaning users should probably update sooner rather than later.
Apple writes:
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Description: This issue was addressed by improved management of object lifetimes.
The flaw was discovered by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group and is described in CVE-2021-1879.
The patch is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
via The Verge
User forum
0 messages