KEY POINTS

  • Apple released security updates to address a WebKit vulnerability on select devices
  • The security patches come barely three weeks after Apple released its latest OS updates
  • The flaw allows attackers to inject a code and steal sensitive information from unknowing Apple device owners

Barely weeks after Apple released its new software updates, patches to address a security flaw in iPhones, iPads and Watches have come out. Apple rolled out iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3 to patch a new vulnerability tied to the WebKit engine, which powers the Safari browser and other Apple-related apps.

The new batch of security updates will address the WebKit vulnerability that allows attackers to unleash malicious web content, per the patch notes from the Cupertino company.

The potential universal cross-site scripting allows an attacker to inject a code that is likely to come in the form of JavaScript. Should it be successfully injected, it gives the attacker access to session tokens, cookies and other sensitive information.

To be more precise, the actual number of the Common Vulnerabilities and Exposures is CVE-2021-1879. It remains unclear what the latest Apple security patches cover.

However, the company did acknowledge the ones who discovered the flaw, Clement Lecigne and Billy Leonard of Google LLC’s Threat Analysis Group. Lecigne was also credited for discovering the vulnerability addressed in Apple’s last update.

Unlike the process that Apple usually goes through before releasing a new patch, traditional beta testing appears to have been bypassed. A reason for this is perhaps due to the sensitive nature of the flaw, meaning that the update needed to roll out immediately.

Ironically, the updates rolled out before the expected release of iOS 14.5, which was originally set for release by the end of the month. With the recent release, this new iOS version may likely be pushed to an April drop.

Apple devices that will get the security updates include the iPhone 6s, all iPad Pro models, iPad Air 2 (and later), the iPad 5th generation (and later), iPad mini 4 and later, iPod touch (7th generation) and the Apple Watch Series 3 and later.

Other previous iPhone models that run on iOS 12.5.2 and are also affected by the WebKit vulnerability have also gotten the update. For others, the updates can be manually installed on iOS and iPad via the settings app. Apple Watch users can get the update by going to My Watch.

A cybersecurity startup successfully defended in court its ability to
"virtualize" Apple's iOS software to help find software flaws A cybersecurity startup successfully defended in court its ability to "virtualize" Apple's iOS software to help find software flaws Photo: AFP / Mladen ANTONOV