Apple Issues Urgent Patch for WebKit
Apple Urgent Security Patch
Apple has issued an urgent security update for iPhone, iPad and Apple Watch. The patch is intended to fix an actively exploited zero-day vulnerability that has been described as “critical”.
Tracked as CVE-2021-1879, the vulnerability is a flaw in WebKit (Apple’s core web browser code): processing maliciously crafted web content may lead to cross-site scripting attacks.
For security reasons, Apple has not published more details on the flaw. However, the company noted that it is aware of reports that CVE-2021-1879 may have been actively exploited.
In an attempt to restrict the exploitation, the iPhone maker has released updates for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). The latest versions are available here:
- iOS 12.5.2
- iOS 14.4.2
- iPadOS 14.4.2
- watchOS 7.3.3
Users of older iPhones and iPads who are still using the officially-supported iOS 12 version also need to get the latest patch.
To check whether a device has the latest patched version, go to Settings > General > Software Update and install any updates offered there right away.
Researchers explain that the severity of the security flaw in WebKit is huge since it could affect any browser that is installed, including Apple’s built-in Safari app. Aside from that, if not patched, the vulnerability may weaken the security of many other apps, especially those that can open a web window with information inside the app itself.
Additional information on the urgent patch can be found on Apple’s official security pages for iOS and iPadOS 14.4.2, for iOS 12.5.2, and for watchOS 7.3.3.
At the time of publication, these pages state only briefly that there is a UXSS (universal cross-site scripting) vulnerability in WebKit, officially known as CVE-2021-1879, and that attackers may be actively exploiting it. Apple has credited researchers from Google with reporting the WebKit flaw.