Apple has just issued iOS 14.4.2, an urgent security fix for a vulnerability that has already been exploited by attackers.
Apple has just released iOS 14.4.2, an important security update that all iPhone users should install right now. The security update in iOS 14.4.2 fixes a vulnerability in Apple’s WebKit browser engine, which the iPhone maker says has already been actively exploited.
That means that not only does the security issue exist in all iPhones running iOS versions before iOS 14.4.2, but attackers may already have the details, and be using them to attack people’s Apple devices.
Apple has deemed the vulnerability so serious that it has also released iOS 12.5.2 so people who own devices such as the iPhone 6, iPhone 5S and older iPads can also update their iOS 12 operating systems.
The sudden release of iOS 14.4.2 is the latest in a series of urgent security fixes in recent weeks.
The details are scarce, but Apple says the vulnerability fixed in iOS 14.4.2 could allow a malicious website to perform arbitrary cross-site scripting. As Sean Wright, SME application security lead at Immersive Labs explains, cross-site scripting gives attackers multiple means to attack you. This could include redirecting you to a phishing or malicious site, performing actions on a site on your behalf, or even obtaining information from your browsing session. “Since this is in WebKit, it could impact any site you visit, and potentially many apps as well,” he says.
Combine this with the fact the issue is actively being exploited, and it makes sense that all iPhone users should update to iOS 14.4.2 as soon as they can, Wright advises.
Don’t wait to update to iOS 14.4.2
Many people wait to update their iPhones due to bugs in early iOS versions. But since iOS 14.4.2 is a pure security update, it’s important that you install it now. This will ensure your iPhone is protected from malicious attackers.
Apple’s features-based operating system update, iOS 14.5, is due to launch any minute now, probably soon in April. It will come with updates such as the App Tracking Transparency feature that is set to hurt the likes of Facebook by limiting how it can track you across apps and services.