UPDATED 21:40 EST / MARCH 28 2021

SECURITY

Apple releases software updates to address new WebKit vulnerability

Nearly three weeks after releasing its last urgent security updates, Apple Inc. has issued new software updates for its iPhone, iPad and Apple Watch products to address a new security vulnerability in the WebKit engine that powers the Safari browser and other Apple apps.

Apple said the security updates — iOS 14.4.2, iPadOS 14.4.2 and watchOS 7.3.3 — address a WebKit vulnerability that allows an attacker to deliver maliciously crafted web content that may lead to universal cross-site scripting. That’s an attack vector in which malicious code, usually JavaScript, is injected into vulnerable web applications, giving the attacker access to session tokens, cookies and other sensitive information.

A Common Vulnerabilities and Exposures number has been created for the vulnerability — CVE-2021-1879 — but as is typical for Apple security updates, further details have not been disclosed. Apple credited the discovery of the vulnerability to Clément Lecigne and Billy Leonard of Google LLC’s Threat Analysis Group. Lecigne was also co-credited with discovering the vulnerability addressed in Apple’s last update.

As with the last update on March 8, the new update has seemingly been released without going through developer or public testing, suggesting that the vulnerability is serious and needed to be urgently addressed. The timing is also notable: The iOS 14.5 version was scheduled to be out before the end of the month but is now looking like it may be early April instead.

The new OSes are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation) and Apple Watch Series 3 and later.

Apple also released iOS 12.5.2 for older devices that cannot run iOS 14, including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation) to address the same WebKit vulnerability.

The updates can be installed on iOS and iPad manually through the settings app. Apple Watch users can obtain the update by going to My Watch.

Photo: Pxhere

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU