CALIFORNIA – Apple has just released iOS 14.4.2, an important security update that all iPhone users should install right now. The security update in iOS 14.4.2 fixes a vulnerability in Apple’s WebKit browser engine, which the iPhone maker says has already been actively exploited.
It reveals that not only Apple devices running iOS version below 14.4.2 are at a risk, but attackers may already have the details, and be using them to attack people’s Apple devices.
Apple has deemed the vulnerability so serious that it has also released iOS 12.5.2 for people who own devices such as the iPhone 6, iPhone 5S and older iPads can also update their iOS 12 operating systems.
The sudden release of iOS 14.4.2 is the latest in a series of urgent security fixes in recent weeks.
Apple has not elaborated the details in length but says the vulnerability fixed in iOS 14.4.2 could allow a malicious website to perform arbitrary cross-site scripting.
Application security experts have explained that cross-site scripting gives attackers multiple means to attack you. This could include redirecting you to a phishing or malicious site, performing actions on a site on your behalf, or even obtaining information from your browsing session. Since this is in WebKit, it could impact any site you visit, and potentially many apps as well.
Don’t delay to update
Apple is aware of the habitual hesitation of users to delay in installing the update to avoid bugs in early iOS versions. But since iOS 14.4.2 is a pure security update, it’s important that users install it now.
Apple’s features-based operating system update, iOS 14.5, is due to launch soon, probably in April. It will come with updates such as the App Tracking Transparency feature that is set to hurt the likes of Facebook by limiting how it can track you across apps and services.
What a delivery Woman orders iPhone 12 Pro Max but receives Apple flavoured milk