Apple released update 14.4.2 for iOS on Friday that closes a vulnerability in WebKit. The vulnerability has been found in iOS and iPadOS. It is the second security update for iOS this month.
The CVE-2021-1879 vulnerability was discovered by Clement Lecigne and Billy Leonard of the Google Threat Analysis Group. According to Apple, the vulnerability was actively exploited.
It concerns a leak in WebKit that made cross-site scripting possible. Apple will not comment further on the vulnerability until it has completed its own investigation.
The update is available for iPhone 6s or later, all iPad Pro models, iPad Air 2 and later, fifth-generation or later iPads, iPad Mini 4 or later, and seventh-generation iPod Touch.
Apple devices that still have iOS 12 will also receive the security update. Update 12.5.2 is available for download for iPhone 6, iPhone 5s, iPad Mini 3, the first generation iPad Air and the sixth generation iPod Touch.
Earlier this month, Apple also released an update for iOS. Update 14.4.1 closed a vulnerability in the Safari web browser. Apple did not provide further details about the security update.