A security patch for WatchOS and MacOS Big Sur has also been posted.
Apple has rolled out a major security patch for iPhones, iPads, Apple Watch, and Macs to correct a memory leakage issue with the company’s WebKit browser engine. Unpatched, these computers run the risk of being exposed to malicious web material that may lead to arbitrary code execution.
Though many iPhone owners would expect a feature-focused iOS 14.5 upgrade to drop-and find that they won’t be able to adjust the default music player at all-Apple has now announced a major security workaround for the new iOS/iPadOS 14.4.1, watchOS 7.3.2, and MacOS Big Sur 11.2.3 patch.
In the patch notes, Apple explains the flaw (CVE-2021-1844) as a memory corruption problem in its WebKit browser engine that would have let malicious websites run code on their browsers. The backdoor was brought to Cupertino’s notice by Google and Microsoft security researchers.
The patch has been rolled out for devices including iPhone (6s and up), iPads (Mini 4, Air 2 and up), iPod touch (7th generation), Apple Watch (Series 3 and up) and MacOS Big Sur PCs. This release point is a comparatively tiny 144MB for Apple mobile devices (if you are already on iOS/iPadOS 14.4) which can differ in size depending on the Mac model and the Big Sur OS update.
It’s still unclear if the WebKit flaw is being deliberately abused in the wild, but the unexpected release of a security update by Apple may be a fair enough excuse for users to patch their computers.