Apple issues an emergency update

On Friday, Apple sent an update to iPhone and iPad users in order to fix a flaw that appeared in the main browser engine "Safari" and other browsers.

Technical websites stated that the American company is aware of a vulnerability that has been exploited by some to penetrate iPhones and iPads.

Not many details were available about the size and scope of the breach.

She said the update sent to users in iOS 14.4.2 and iPadOS 14.4.2 will fix the security issue.

This security problem is called Zero-day, because the vulnerability finder does not leave any day that passes without being exploited in attacks, because it is in a race against time, and if the vulnerability is discovered, the doors to the breach are blocked.



This type of cyber attack relies on security flaws in the applications that are unknown to their developers.

Apple has released an emergency update for its iOS, iPadOS and watchOS operating systems to address a zero-day security vulnerability that is actively exploited in the wild. The vulnerability affects several models of iPhone, iPad, Apple Watch and iPod touch.

Anyone can do the update, by going to Settings, choosing the General category, and clicking on the Software Update option

"Apple is aware of the potential active exploitation of this security flaw," says Apple's security advisory describing the security flaw that is being closed with the iOS 14.4.2 and iPadOS 14.4 releases. .2.

The list of affected devices includes iPhone 6s and later, all versions of iPad Pro, iPad Air 2 and later, 5th generation iPad and later, iPad mini 4 and later versions, and the 7th generation of iPod touch. The Cupertino-based tech giant has also released security updates for its Apple Watch products (watchOS 7.3.3).



Given the severity of the threat, Apple has also rolled out an update (iOS 12.5.2) for older devices such as the iPhone 5s and iPhone 6. In an effort to protect its customers, the company did not disclose any information on the perpetrators or targets of the attacks. Meanwhile, IT Emergency Response Teams (CERTs) in the United States, Hong Kong, and Singapore have issued alerts urging users of affected devices to immediately apply updates.

Listed as CVE-2021-1879, the security flaw lies in WebKit, Apple's open-source web browser engine used by the Safari browser, Mail, and various other iOS and iPadOS apps. "Processing malicious web content can lead to universal cross-site scripting," the bug description says.

According to CyberSecurityHelp, a remote attacker able to trick their victim into clicking on a specially crafted link and executing arbitrary code could steal sensitive data, carry out a phishing or drive-by-download attack, as well as modify the appearance of the website.

Clément Lecigne and Billy Leonard, of Google's threat analysis group, are behind the discovery and disclosure of the vulnerability. This is not the first time that Google security researchers have uncovered a bug affecting Apple devices.

Last year, for example, Google's Project Zero team discovered a trio of zero-day vulnerabilities affecting a long list of Apple products. Earlier this year, Apple had to issue an emergency update that fixed three zero-day flaws that also affected a wide range of its products.

If you haven't turned on automatic updates, you can update your iPhone and iPad manually by going to the Settings menu, then tapping on General, and going to the Software Update section.






Read More:

Does Linux need a firewall?

Do I need AntiVirus in Linux? 

Best Linux software for developers in 2021