On 26 March 2021, Apple released security updates in multiple products to address a vulnerability that may have been “actively exploited” prior to being patched.
- The flaw, tracked as CVE-2021-1879, is a cross-site scripting vulnerability in the WebKit browser engine used by the Safari browser on Apple devices.
- Updates are available for iPhone, iPad, iPod, and Apple Watch devices.
- Malicious actors could launch universal cross-site scripting attacks after tricking targets into opening maliciously-crafted web content on their devices.
- An attacker could then either serve malware or steal victim’s credentials using a malicious page.
Why it’s important
- Update your device as soon as possible as actively exploited flaws present high risk to unpatched devices.
- If you don’t have automatic updates enabled, on iOS and iPadOS, go to the Settings-> General->Software Update.