Apple release iPhone and iPad security update for "actively exploited" universal cross site scripting flaw

Reading time icon 1 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

security update

Apple has released an urgent security update for iOS and iPad OS which takes the operating systems to 14.4.2 and 14.4.2 respectively.

The update is to address a security flaw in webkit which would allow a website to read data from other websites in your browser. Apple says they believe the flaw is already being actively exploited, meaning users should probably update sooner rather than later.

Apple writes:

Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.

Description: This issue was addressed by improved management of object lifetimes.

The flaw was discovered by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group and is described in CVE-2021-1879.

The patch is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

via The Verge

More about the topics: apple, ipados, iphone, security