It’s the weekend, which is typically a great time to lay in bed all day vising sketchy websites. This weekend, however, Apple strongly recommends you update your iPhone, iPad, and Watch before you go cruising around the web. Yesterday, the company rolled out iOS 14.4.2, watchOS 7.3.3, and iPadOS 14.4.2 to close up a vulnerability poses an “active” security threat.
Apple’s initial security announcement is sparse with details. That’s typical for the company, which doesn’t usually provide many specifics until it has had a chance to do an internal investigation into the issue. According to the release, the issue was first uncovered by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group, which means that it wasn’t Apple itself who discovered the threat.
When it comes to the overall effect of the hack, Apple provides a short explanation. “Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.” The vulnerability applies to Apple’s WebKit service and has been closed once people apply the software patch.
While we still don’t really know any exact details about the issue, Apple’s release says that it may have been “actively exploited,” which means it’s not just a precautionary measure. Apple is currently working on a rather large software release in the form of iOS 14.5, which will bring a whole heap of security updates, so rushing out a security update just a few weeks after the latest version release suggests this is serious.
[Related: Keep your gadgets updated]
If you haven’t updated your phone yet, you’ll probably want to limit the amount of web browsing that you do, at least from smaller, less trustworthy websites. In reality, however, you should just take a few minutes to update your devices. If you don’t see an automatic prompt or you don’t have auto-updates turned on, you can simply go to Settings > General > Software Update on your iPhone or iPad to get the process started.