Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild.
Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks.
“This issue was addressed by improved management of object lifetimes,” the iPhone maker noted.
Apple has credited Clement Lecigne and Billy Leonard of Google’s Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it’s aware of reports that CVE-2021-1879 may have been actively exploited.
Updates are available for the following devices:
- iOS 12.5.2 – Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- iOS 14.4.2 – iPhone 6s and later, and iPod touch (7th generation)
- iPadOS 14.4.2 – iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later
- watchOS 7.3.3 – Apple Watch…