Apple released patches for the iPhone, iPad and Apple Watch over the weekend that all users should install immediately. The patches fix a dangerous zero-day vulnerability that hackers are actively exploiting.
Clement Lecigne and Billy Leonard of the Google Threat Analysis Group have discovered a bug in the WebKit browser engine that Safari uses for all Apple products.
Apple’s patch notes The details of the bug itself are extremely small, so we don’t know much about it other than that “processing maliciously crafted web content can lead to universal cross-site scripting” and that it poses a risk to all iPhone, iPad and Apple Watch Users, even if you are not using Safari as a mobile web browser app.
Worse still, Apple confirms that hackers are actively using the flaw to attack users. There’s no word on how widespread the attacks are or how specifically they’re being carried out, but it’s serious enough that the company has released emergency patches for the following devices:
iOS 14.4.2
- iPhone 6s and higher
- iPod touch (7th generation)
iPadOS 14.4.2
- iPad Pro
- iPad Air 2 and higher
- iPad 5th generation and later
- iPad mini 4 and higher
iOS 12.5.2
- iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPad Air
- iPad mini 2
- iPad mini 3
- iPod touch (6th generation)
watchOS 7.3.3
- Apple Watch Series 3 and above
Since we don’t know much about the “maliciously crafted web content” used by hackers to exploit the WebKit vulnerability, the only way to protect your devices and data is to apply the patches to any applicable Apple product you own.
G / O Media can receive a commission
The updates should normally be downloaded automatically. However, you can check for updates at on iPhone or iPad Settings> General> Software update.
To update your Apple Watch, open the Watch app on your iPhone and go to My watch> General> Software update, or open the Settings app on your Apple Watch and go to General> Software update.