Apple releases software updates to address new WebKit vulnerability


Nearly three weeks after releasing its last urgent security updates, Apple Inc. has issued new software updates for its iPhone, iPad and Apple Watch products to address a new security vulnerability in the WebKit engine that powers the Safari browser and other Apple apps.

Apple said the security updates — iOS 14.4.2, iPadOS 14.4.2 and watchOS 7.3.3 — address a WebKit vulnerability that allows an attacker to deliver maliciously crafted web content that may lead to universal cross-site scripting. That’s an attack vector in which malicious code, usually JavaScript, is injected into vulnerable web applications, giving the attacker access to session tokens, cookies and other sensitive information.

A Common Vulnerabilities and Exposures number has been created for the vulnerability — CVE-2021-1879 — but as is typical for Apple security updates, further details have not been disclosed. Apple credited the discovery of the vulnerability to Clément Lecigne and Billy Leonard of Google LLC’s Threat Analysis Group. Lecigne was also co-credited with discovering the vulnerability addressed in Apple’s last update.

As with the last update on March 8, the new update has seemingly been released without going through developer or public testing, suggesting that the vulnerability is serious and needed to be urgently addressed. The timing is also notable: The iOS 14.5 version was scheduled to be out before the end of the month but is now looking like it may be early April instead.

The new OSes are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation) and Apple Watch Series 3 and later.

Apple also released iOS 12.5.2 for older devices that cannot run iOS 14, including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation) to address the same WebKit vulnerability.

The updates can be installed on iOS and iPad manually through the settings app. Apple Watch users can obtain the update by going to My Watch.

Photo: Pxhere

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.





Source link