Loading table of contents...
On 26 March 2021, Apple released security updates in multiple products to address a vulnerability that may have been “actively exploited” prior to being patched.
Details
- The flaw, tracked as CVE-2021-1879, is a cross-site scripting vulnerability in the WebKit browser engine used by the Safari browser on Apple devices.
- Updates are available for iPhone, iPad, iPod, and Apple Watch devices.
- Malicious actors could launch universal cross-site scripting attacks after tricking targets into opening maliciously-crafted web content on their devices.
- An attacker could then either serve malware or steal the victim's credentials using a malicious page.
Why it's important
- Update your device as soon as possible as actively exploited flaws present a high risk to unpatched devices.
- If you don't have automatic updates enabled, on iOS and iPadOS, go to Settings -> General -> Software Update.
References
