Sunday Mar 28, 2021
People owning iPhones have been asked by Apple to urgently update their iOS to 14.4.2 in view of security threats, according to a report by Forbes.
Forbes said that Apple has issued the update "for a vulnerability that has already been exploited by attackers".
The publication quoted Apple as informing users that the security update in iOS 14.4.2 "fixes a vulnerability in Apple’s WebKit browser engine", one which has already been "actively exploited".
According to the report, users running versions prior to 14.4.2 on their devices, may be exposed to the security issue as a result of which attackers may already have details which they will likely use to compromise other Apple devices.
The threat has been taken so seriously by Apple, that for users with older devices, it has launched iOS 12.5.2 so people who have iPhone 6, iPhone 5S and older iPads can also update their iOS 12 operating systems.
Although details are scant, Apple has said that the vulnerability which the update fixes, "could allow a malicious website to perform arbitrary cross-site scripting", according to Forbes.
The magazine quotes SME application security lead at Immersive Labs as saying that "cross-site scripting gives attackers multiple means to attack you".
"This could include redirecting you to a phishing or malicious site, performing actions on a site on your behalf, or even obtaining information from your browsing session. Since this is in WebKit, it could impact any site you visit, and potentially many apps as well,” he was quoted by Forbes as saying.
The publication has advised that contrary to a users' usual act of waiting to update the iOS due to bugs in early versions, this update is focused primarily on security and so must be downloaded immediately.
The move will protect users from any malicious attacks.
The subsequent update, iOS 14.5, due in April, will see new features such as App Tracking Transparency expected to hurt apps like Facebook which tracks user activity across apps and services.