Apple has released a security patch for iPhones, iPads and Apple Watches to fix an issue under active attack by hackers.
The security patch is available with iOS 14.4.2 and iPadOS 14.4.2 updates which cover older devices as well as with watchOS 7.3.3 update for Apple Watches.
The vulnerability has been found with Apple’s WebKit, the browser engine that is users in the Safari browser across all Apple devices.
Describing the impact of the vulnerability, Apple wrote on its support page, “Processing maliciously crafted web content may lead to universal cross-site scripting.”
“Apple is aware of a report that this issue may have been actively exploited,” it said.
The issue was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group. It was addressed by “improved management of object lifetimes.”
Fix for the vulnerability CVE-2021-1879 is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
The watchOS update is available for Apple Watch Series 3 and later.
Apple has not specified if and how any users were impacted by the issue or if the attack was a wider attack or targeted against a small number of users.
The tech giant released a fix for similar issues with WebKit earlier this month (via TechCrunch).
It had released patches for a “memory corruption issue” with the browser engine.
The vulnerabilities were reported by Google and Microsoft researchers.