Security

Apple Releases Urgent Patch to Fix Zero-Day Under Active Exploitation

By Bill Toulas
ios14
  • Apple has got another report about an actively exploited WebKit bug and is fixing it.
  • The emergency patch comes through iOS 14.4.2, 12.5.2, and watchOS 7.3.3.
  • Apple may begin pushing these updates separately from the system updates, starting with iOS 14.5.

Only about two weeks after the last zero-day flaw fix that came through an out-of-band update (iOS 14.4.1), Apple returns with another similarly urgent patch for all its operating systems. The flaw that’s squashed this time is CVE-2021-1879, which lies on WebKit, Safari’s engine. According to Apple, the particular flaw is being under active exploitation at the moment, with crooks using maliciously crafted web content to trigger cross-site scripting attacks.

Like CVE-2021-1844, which was urgently patched at the start of the month, the newest bug was discovered and reported to Apple by researcher Clément Lecigne and Billy Leonard, both members of Google’s Threat Analysis Group. No technical details have been disclosed about the discovered vulnerabilities for security and precautionary reasons, as most users haven’t applied the update yet.

The fixing of the problem comes through the improved management of object lifetimes, and is incorporated in the following software products:

  • iOS 12.5.2 – Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • iOS 14.4.2 – iPhone 6s and later, and iPod touch (7th generation)
  • iPadOS 14.4.2 – iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later
  • watchOS 7.3.3 – Apple Watch Series 3 and later

If you own any of the above devices, you should see an alert about the available update on Settings. It is important to apply the patch as soon as you can, as merely browsing online could trigger the exploit.

In light of the need to push frequent security micro-patches, Apple has recently started considering a new system that would fetch these crucial packs outside of the context of the regular update. This way of having “standalone” security updates is common in the Android world, and Apple sees value in following the same approach. The code that brings this new system was found in a beta of the iOS 14.5, which is purported to be one of the more feature-packed point releases ever.

Add a Comment

Latest
Streaming
How to Watch Hot Wheels: Ultimate Challenge Online from Anywhere
Lore Apostol - 0
Hot Wheels: Ultimate Challenge is a new car makeover competition show, and the best part is that you’ll be able to stream...
Read more
Streaming
How to Watch Gender Wars Online Free: Stream the Documentary from Anywhere
Lore Apostol - 0
Gender Wars is a new British documentary that tackles a question that’s been asked more frequently lately: what is a woman? You’ll...
Read more
Streaming
How to Watch America’s Got Talent Season 18 Online: Live Stream AGT from Anywhere
Lore Apostol - 0
America's Got Talent Season 18 is back with a new set of episodes, and we have all the important details you may...
Read more

© TechNadu 2023. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari