SECURITY
SECURITY
SECURITY
Apple releases software updates to address new WebKit vulnerability
Nearly three weeks after releasing its last urgent security updates, Apple Inc. has issued new software updates for its iPhone, iPad and Apple Watch products to address a new security vulnerability in the WebKit engine that powers the Safari browser and other Apple apps.
Apple said the security updates — iOS 14.4.2, iPadOS 14.4.2 and watchOS 7.3.3 — address a WebKit vulnerability that allows an attacker to deliver maliciously crafted web content that may lead to universal cross-site scripting. That’s an attack vector in which malicious code, usually JavaScript, is injected into vulnerable web applications, giving the attacker access to session tokens, cookies and other sensitive information.
A Common Vulnerabilities and Exposures number has been created for the vulnerability — CVE-2021-1879 — but as is typical for Apple security updates, further details have not been disclosed. Apple credited the discovery of the vulnerability to Clément Lecigne and Billy Leonard of Google LLC’s Threat Analysis Group. Lecigne was also co-credited with discovering the vulnerability addressed in Apple’s last update.
As with the last update on March 8, the new update has seemingly been released without going through developer or public testing, suggesting that the vulnerability is serious and needed to be urgently addressed. The timing is also notable: The iOS 14.5 version was scheduled to be out before the end of the month but is now looking like it may be early April instead.
The new OSes are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation) and Apple Watch Series 3 and later.
Apple also released iOS 12.5.2 for older devices that cannot run iOS 14, including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation) to address the same WebKit vulnerability.
The updates can be installed on iOS and iPad manually through the settings app. Apple Watch users can obtain the update by going to My Watch.
Photo: Pxhere
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
