Apple released patches for iPhone, iPad, and Apple Watch over the weekend that all users should install immediately. The patches fixes a dangerous zero-day vulnerability that hackers are actively exploiting.
Clement Lecigne and Billy Leonard of the Google Threat Analysis Group discovered a bug in the WebKit browser engine that Safari uses on all of Apple’s products.
Apple’s patch notes are woefully thin on details on the bug itself, so we don’t know much about it other than “processing maliciously crafted web content may lead to universal cross-site scripting,” and that it’s a risk to all iPhone, iPad, and Apple Watch users even if you don’t use Safari as your mobile web browsing app.
[referenced id=”1052924″ url=”https://staging.lifehacker.com.au/2021/03/how-to-tell-if-youre-being-scammed-by-fleeceware-apps/” thumb=”https://www.gizmodo.com.au/wp-content/uploads/sites/4/2021/03/30/nb7ykth6jqqa7qzsnihc-300×168.jpg” title=”How to Tell If You’re Being Scammed By Fleeceware Apps” excerpt=”Fleeceware is one of the worst scams you can deal with on your device, because it has one, singular goal: extracting as much money from you as possible. It generally accomplishes this not by dropping malware on your device or otherwise forcing you to do something; instead, fleeceware hides in…”]
Worse, Apple confirms hackers are actively using the bug to attack users. There’s no word on how widespread the attacks are or how they’re specifically carried out, but it’s serious enough that the company pushed emergency patches for the following devices:
iOS 14.4.2
-
iPhone 6s and later
-
iPod touch (7th generation)
iPadOS 14.4.2
-
iPad Pro
-
iPad Air 2 and later
-
iPad 5th gen and later
-
iPad mini 4 and later
iOS 12.5.2
-
iPhone 5s
-
iPhone 6
-
iPhone 6 Plus
-
iPad Air
-
iPad mini 2
-
iPad mini 3
-
iPod touch (6th generation)
watchOS 7.3.3
-
Apple Watch Series 3 and later
Since we don’t know much about the “maliciously created web content” that hackers are using to exploit the WebKit vulnerability, the only way to keep your devices and data safe is to install the patches on all applicable Apple products you own.
The updates should normally download automatically, but you can check for updates on iPhone or iPad under Settings > General > Software Update.
To update your Apple Watch, open the Watch app on your iPhone and go to My Watch > General > Software Update, or open the Settings app on your Apple Watch and go to General > Software Update.
Leave a Reply
You must be logged in to post a comment.