Cybercrooks have already been exploiting this flaw in iPhones, iPads, and watches
Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google.
The fix issued on Friday for iOS 14.4.2 and iPadOS 14.4.2, addressing CVE-2021-1879, is urgently needed. According to Apple, the flaw allows for the creation of “maliciously crafted web content,” which “may lead to universal cross-site scripting.” Apple has heard that the code snafu “may have been actively exploited.”
To make matters worse, the problem was reported by Clement Lecigne and Billy Leonard of Google’s Threat Analysis Group (TAG), which monitors state-sponsored cyber attacks, suggesting this one’s serious.
Cupertino also warned iOS 12.5.2 users with older kit – iPhone 5s, 6, and 6 Plus holdouts, and those using the same code on an iPad – to update for the same flaw. Even Cupertino’s wrist computer app, watchOS 7.3.3, is vulnerable.
Apple’s privacy and security is better than most – provided you don’t live in China or the like – but this one looks like something you should check to make sure it is patched.
https://www.theregister.com/2021/03/29/in_brief_security/