Apple has released iOS 14.4.2 for the latest devices, iOS 12.5.2 for older devices, and watchOS 7.3.3 with bug fixes and other improvements.
The over-the-air updates are available to download directly to devices. On iOS and iPadOS, this involves opening the Settings app then selecting General, then Software Update, or to wait for the update to install automatically if that setting is enabled.
Apple outlined the reason for each of Friday's updates in a series of support documents.
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Description: This issue was addressed by improved management of object lifetimes.
The report numbered CVE-2021-1879 was filed by Clement Lecigne and Billy Leonard of Google Threat Analysis Group.
iOS 14.4.2 and iPadOS 14.4.2 is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
iOS 12.5.2 is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
watchOS 7.3.3 is available for Apple Watch Series 3 and later.
Apple updated iOS and iPadOS to version 14.4 on January 26, adding features including "Find My Items" and an improved HomePod mini Handoff.
iOS 14.4.1 released on March 8 with bug fixes as well. It was later discovered that version 14.4.1 patched a WebKit flaw that could have allowed hackers to execute code on a host device using "maliciously crafted" content.
Apple is also currently running betas of iOS 14.5, iPadOS 14.5, tvOS 14.5, watchOS 7.4, and macOS Big Sur 11.3.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
7 Comments
Watch update too 7.3.3.
Appears to be another WebKit fix
https://support.apple.com/en-us/HT212256
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Description: This issue was addressed by improved management of object lifetimes.
CVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group