Apple Releases Urgent Patch to Fix Zero-Day Under Active Exploitation

  • Apple has received another report about an actively exploited WebKit bug and is fixing it.
  • The emergency patch comes through iOS 14.4.2, 12.5.2, and watchOS 7.3.3.
  • Apple may begin pushing these updates separately from the system updates, starting with iOS 14.5.

Only about two weeks after the last zero-day fix that arrived through an out-of-band update (iOS 14.4.1), Apple returns with another similarly urgent patch for all its operating systems. The flaw squashed this time is CVE-2021-1879, which lies in WebKit, Safari’s engine. According to Apple, the flaw is under active exploitation at the moment, with crooks using maliciously crafted web content to trigger cross-site scripting attacks.

Like CVE-2021-1844, which was urgently patched at the start of the month, the newest bug was discovered and reported to Apple by researchers Clément Lecigne and Billy Leonard, both members of Google’s Threat Analysis Group. No technical details have been disclosed about the discovered vulnerabilities for security and precautionary reasons, as most users haven’t applied the update yet.

The fix comes through improved management of object lifetimes and is incorporated in the following software releases:

  • iOS 12.5.2 – iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • iOS 14.4.2 – iPhone 6s and later, and iPod touch (7th generation)
  • iPadOS 14.4.2 – iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later
  • watchOS 7.3.3 – Apple Watch Series 3 and later

If you own any of the above devices, you should see an alert about the available update in Settings. It is important to apply the patch as soon as you can, as merely browsing online could trigger the exploit.

In light of the need to push frequent security micro-patches, Apple has recently started considering a new system that would fetch these crucial packs outside of the context of the regular update. This way of having “standalone” security updates is common in the Android world, and Apple sees value in following the same approach. The code that brings this new system was found in a beta of iOS 14.5, which is purported to be one of the more feature-packed point releases ever.
