Apple has released iOS 14.4.2 and iPadOS 14.4.2 with a single update which is a security fix for Webkit vulnerability. The company believes that this vulnerability might have been actively exploited, although it has not specified any targets. Apple has also released iOS 12.5.2 for older iOS devices, including those that were discontinued 5 years ago.
What’s new in iOS 14.4.2?
Apple has explained this Webkit related cross site scripting vulnerability on a new document on its website, where it emphasizes that this vulnerability might have been actively exploited.
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Description: This issue was addressed by improved management of object lifetimes.
CVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group
Note that this vulnerability fix has not closed the flaws that the latest version of checkra1n uses for jailbreak.
Apple is currently beta testing iOS 14.5 with developers and public beta testers, however, it is unclear if the latest beta included this security fix.
Upgrade your iPhone or iPad to iOS 14.4.2
iOS 14.4.2 and iPadOS 14.4.2 are compatible with the following devices:
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
If you have any of the above devices, go to Settings > General > Software Update to download the latest update as soon as possible. Make sure that your device is plugged in during the update process, and also connected to Wi-Fi.
To fix this flaw in older iOS versions, Apple has also released iOS 12.5.2, which is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
Although Apple Watch does not have Safari, watchOS uses WebKit to render various web views in Apple Watch Series 3 and later. Apple has released watchOS 7.3.3 to fix the security flaw on the Watch.