Apple has released security updates to patch a vulnerability existing in its iOS, iPadOS, and WatchOS. This is an XSS bug caused due to visiting a phishing page, and Apple says it’s aware of active exploitations on this. Thus, it has released an immediate update to secure iPhones, iPads, and Apple Watches.
Apple Security Update
Though Apple devices are claimed to be secure, they’re having their own share of vulnerabilities. These include a recently found Cross-Site scripting bug by Apple, which it says being exploited actively in the wild. As its advisory read, “Processing maliciously crafted web content may lead to universal cross-site scripting.”
Maliciously crafted website here refers to the phishing sites, which are fake page resembling authentic sources to steal credentials. These are on rising and termed as the first step in cyber attacks. Apple says the users could be directed to a phishing page to infected with a cross-Site scripting attack.
Affected devices range from iPhone 5s and later, iPad Pro all models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Also, the Apple Watch Series 3 and later. These zero-day bugs were informed to Apple by Clement Lecigne and Billy Leonard of Google Threat Analysis Group.
Tracked as CVE-2021-1879, these were now patched by Apple by realizing iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3. As it addresses by improving the management of object lifetimes, Apple recommends users to update to all these released patches immediately, to avoid being affected.
To apply them, go to your device’s Settings and check for the latest software updates. Like in iOS, go to Settings > General > Software Update. The same process applies to Apple Watches and iPads too.