Apple has released iOS 14.4.1, iPadOS 14.4.1, and macOS 11.2.3 today, an unexpected software drop for iPhone, iPad, and Macs that includes an important new security patch. The new software addresses a WebKit vulnerability, Apple says, which was highlighted to the Cupertino firm by researchers from Google and Microsoft.
The issue, Apple said today, is that the correctly-crafted malicious web content could lead to arbitrary code execution. In short, if you visit a website that has a been set up to exploit the WebKit vulnerability, it could run code on your smartphone, tablet, or computer that you didn’t intend to.
iOS 14.4.1, iPadOS 14.4.1, and macOS 11.2.3 all improve how WebKit validates memory, so as to avoid corruption and bypass the loophole. Apple was notified of the issue by Clément Lecigne of Google’s Threat Analysis Group, and Alison Huffman of Microsoft Browser Vulnerability Research.
The recommendation is that anyone with a potentially impacted device install the new software as soon as possible. For iOS and iPadOS, that means the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). For Mac, it’s any machine running macOS Big Sur.
Apple has not said whether it’s aware of any active exploits taking advantage of the vulnerability in the wild. The company – like most – does not reveal the existence of security issues until it has a patch to address them.
You can download the new software on an iPhone or iPad by heading into the settings, choosing “General” and then choosing “Software Update”. The update is approximately 144 MB in size. On Mac, choose the Apple menu in the upper left corner, then “System Preferences” and then “Software Update” to find the new version.