iOS and iPadOS 14.4.2 include a fix for a security vulnerability Apple says “may have been actively exploited”
Mar 27, 2021
12:33 PM EDT
It’d be a good idea to take a few minutes out of your day to download the latest iOS or iPadOS update. Version 14.4.2 of both mobile operating systems fixes a security flaw that could let malicious sites access information from other webpages you open on your phone.
MacRumors spotted the Apple security support document about the update. The document notes that a vulnerability could allow processing of “maliciously crafted web content” to lead to universal cross-site scripting. According to security blog Acunetix (via The Verge), this could allow a malicious website or script to access information from other webpages open on your phone.
Further, Apple acknowledged in its security document that it’s “aware of a report that this issue may have been actively exploited.”
With that in mind, you should head to Settings> General> Software Update on your iPhone or iPad to download the patch and protect yourself. The 14.4.2 update is available for the iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod Touch 7th generation.
MacRumors notes that Apple also released iOS 12.5.2 with the same patch for older devices, including the iPhone 5s, 6, 6 Plus, iPad Air, mini 2, mini 3 and iPod Touch 6th generation.
Granted, as far as security vulnerabilities go, this isn’t the worst problem. If you can’t download the update right away, you’ll probably be fine as long as you avoid sketchy websites (generally good advice regardless of pending security updates). That said, it’s better to update and protect yourself than leave the vulnerability open, especially if it’s one that’s actively exploited.
Source: Apple Via: MacRumors, The Verge