Apple release iPhone and iPad security update for "actively exploited" universal cross site scripting flaw

Home » Apple

Reading time icon 1 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

security update

Apple has released an urgent security update for iOS and iPad OS which takes the operating systems to 14.4.2 and 14.4.2 respectively.

The update is to address a security flaw in webkit which would allow a website to read data from other websites in your browser. Apple says they believe the flaw is already being actively exploited, meaning users should probably update sooner rather than later.

Apple writes:

Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.

Description: This issue was addressed by improved management of object lifetimes.

The flaw was discovered by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group and is described in CVE-2021-1879.

The patch is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

via The Verge

More about the topics: apple, ipados, iphone, security

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.