07.04.2021 Apple Fixes Actively Exploited Flaw In Multiple Products

by Elena Lapina

On 26 March 2021, Apple released security updates in multiple products to address a vulnerability that may have been “actively exploited” prior to being patched.


Details

  • The flaw, tracked as CVE-2021-1879, is a cross-site scripting vulnerability in the WebKit browser engine used by the Safari browser on Apple devices.
  • Updates are available for iPhone, iPad, iPod, and Apple Watch devices.
  • Malicious actors could launch universal cross-site scripting attacks after tricking targets into opening maliciously-crafted web content on their devices.
  • An attacker could then either serve malware or steal victim’s credentials using a malicious page.

Why it’s important

  • Update your device as soon as possible as actively exploited flaws present high risk to unpatched devices.
  • If you don’t have automatic updates enabled, on iOS and iPadOS, go to the Settings-> General->Software Update.

References: Apple

 

Request Demo

Fill out the form and we will send you details about our demo.