Critical Patch Update
Last week, Apple released a security update to address a zero-day, or previously unknown, vulnerability affecting iOS, iPadOS, and watchOS. Apple believes this vulnerability is being actively exploited, but the company has not released details about who may be impacted by the attacks.
The vulnerability is officially known as CVE-2021-1879, and it involves a flaw in the WebKit browser engine that may lead to cross-site scripting. Cross-site scripting is an attack in which malicious scripts are injected into otherwise trustworthy websites. The malicious code is then executed by your web browser.
WebKit seems to be causing headaches for Apple, because several other emergency patches have also involved a WebKit exploit. Earlier this month, Apple released a patch to fix a memory corruption issue (CVE-2021-1844) that could lead to arbitrary code execution when processing maliciously crafted web content. In January, there was another WebKit fix for an exploit allowing remote attackers to execute code on your device (CVE-2021-1870 and CVE-2021-1871).
So if you are using an Apple device, update as soon as possible and make sure that the version is one of the following, or newer:
- iOS 14.4.2 (7th gen)
- iOS 12.5.2 (6th gen)
- iPadOS 14.4.2
- watchOS 7.3.3
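Added example (not from the original post): a check of a device inventory against the versions listed above. The inventory rows and function names are constructed, and reading the two iOS entries as separate release lines, so that a version only counts as fixed when it is at or above the listed release within its own major line (iOS 13.x is therefore flagged), is an assumption.

```python
import csv
import io

# Fixed releases copied from the list above, keyed by OS name.
PATCHED = {
    "iOS": [(14, 4, 2), (12, 5, 2)],
    "iPadOS": [(14, 4, 2)],
    "watchOS": [(7, 3, 3)],
}

# Constructed sample inventory (hypothetical device names).
INVENTORY_CSV = """device,os,version
phone-01,iOS,14.4.2
phone-02,iOS,14.4.1
phone-03,iOS,13.7
phone-04,iOS,12.5.2
tablet-01,iPadOS,14.4
watch-01,watchOS,7.3.3
watch-02,watchOS,7.3.2
"""

def parse_version(text):
    """Turn '14.4' into (14, 4, 0) so tuples compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(os_name, version_text):
    """True if the version is at or above the fix for its own major line."""
    fixes = PATCHED.get(os_name)
    if fixes is None:
        raise ValueError(f"no patched release listed for {os_name!r}")
    version = parse_version(version_text)
    if version[0] > max(fixes)[0]:
        return True  # a later major release than the newest fixed line
    for fix in fixes:
        if fix[0] == version[0]:
            return version >= fix
    return False  # e.g. iOS 13.x: newer than 12.5.2 but no fix in that line

def unpatched_devices(csv_text):
    """Return the names of inventory devices that still need the update."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r["device"] for r in rows if not is_patched(r["os"], r["version"])]

if __name__ == "__main__":
    print("needs update:", ", ".join(unpatched_devices(INVENTORY_CSV)))
```

A plain "version >= 12.5.2" comparison would pass the iOS 13.7 and 14.4.1 devices, which is why the check compares within a release line.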