Apple has released security patches for iPhones, iPads and Apple Watches to protect against vulnerabilities that maybe have been exploited by hackers.
The patches fix a security flaw in iOS 14 that could allow a remote attacker to run malicious code on an Apple device. The patch is available for iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch 7th generation.
According to Apple, the vulnerability resides in WebKit, the browser engine primarily used in the company’s Safari web browser. A hacker could exploit the vulnerability to run malicious code over the browser in a cross site scripting attack.
“Apple is aware of a report that this issue may have been actively exploited,” the company said on its support page.
The vulnerability is tracked as CVE-2021-1879.
Here’s more from Apple’s support page:
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Description: This issue was addressed by improved management of object lifetimes.
The vulnerability was apparently discovered by two researchers with Google’s Threat Analysis Group.
According to a CNet report, the flaw could expose a user’s personal information, including a person’s name, email address and more.
Apple was mum on other details, including how many devices have been compromised, who may have been behind the exploits or if consumers or the private sector were more at risk.
This patch is the second this month to address a vulnerability in WebKit.
Users should leave the automatic update feature on, but if that isn’t enabled, users can update via their Settings app, then tapping General, then Software Update.