It looks like Apple has some issues regarding security on some of its devices. Following an important security update in January that patched a significant vulnerability in iOS 14, now the Cupertino-based company has listed a few more security updates, this time for iOS, iPadOS, macOS and watchOS.
The only ecosystem exempt from the security updates is tvOS, but we’ll have to wait to see if anything happens on that front.
Apple has listed its latest update here, with the company noting that they are, “recommended for all users”. When it gives that sort of advice, it is often best to follow it, with the reason for the wide-ranging updates seemingly resulting malicious content executed while browsing online.
Looking at the notes for the respective updates they feature the following note regarding Apple’s WebKit:
“Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research.”
Reading what we can into the above note, it appears as if the Safari browser is the route of the problem, with a bug being triggered by a malicious webpage. If exploited, an attacker will then be able to run malicious code on your device.
It is unclear whether or not this exploit has been actively used by cyberattackers, with no additional information revealed by Google or Microsoft’s security divisions, both of whom discovered the vulnerability.
If you’re an Apple device user, you likely don’t want to find out first hand if the vulnerability is indeed being exploited, so it is best to update accordingly.
Links to the respective updates and details of the vulnerability can be found below: