PSA: It’s time to update your Apple devices again. Yes, you did just update them just recently, but Apple was alerted to a WebKit bug that may have already been exploited in the wild.This makes the second WebKit arbitrary code execution bug in as many months.
Last week Apple finally pushed out iOS 14.5, watchOS 7.4, and macOS 11.3. They bought some convenient new features, like enabling Face ID to work while wearing a face mask. However, it seems there was a pesky vulnerability that came along for the ride. Today, Apple released a patch for it, and you may want to download it as soon as possible. Apple says that hackers might be actively exploiting it.
“Processing maliciously crafted web content may lead to arbitrary code execution,” the patch notes read. “Apple is aware of a report that this issue may have been actively exploited.”
The vulnerability is with WebKit, the software responsible for rendering web content on Apple devices. The security flaw could allow a malicious website to execute arbitrary code on your Mac, iPhone, or Apple watch. Updating to iOS/iPadOS 14.5.1, watchOS 7.4.1, and macOS 11.3.1 on newer devices should fix the issue. For older models of iPad and iPhone, Apple patched iOS 12.5.3 to fix the hole.
This is not the first time WebKit has had problems after an update. Back in March, WebKit suffered a nearly identical arbitrary code execution bug when iOS 14.4, watchOS 7.3.1, and macOS 11.2.2 launched. As far as Apple could tell, that bug was never exploited, so this time around, it’s a bit more urgent to get your devices updated.
Image credit: Africa Studio