Apple issues iOS 14.4.2 with critical security fix for active web vulnerability

Apple has launched a critical software update for iPhone and iPad that closes off a security vulnerability that had been actively exploited in the wild.

The company has released iOS and iPadOS 14.4.2, which it says whacks an issue that enabled a bad actor to engage in cross-site scripting. The implication being that a nefarious sort could remotely harvest information from a site you have open on your Apple device.

We often see Apple post security updates for vulnerabilities, but it isn’t often we see evidence those vulnerabilities have been exploited in the wild. In this instance, Apple says it knows of one person who has used the vulnerability, which has been fixed via ‘improved management of object lifetimes.’

In a post on Apple’s support site (spotted by MacRumors), the company writes: “Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.”

The update comes just a few weeks after iOS/iPadOS 14.4.1 also brought security fixes. That also spoke of: “Processing maliciously crafted web content may lead to arbitrary code execution.” This makes todays update the second security fix for the iOS 14.4 update early in the New Year.

Related: Best iPhone

This is probably an update you shouldn’t wait too long to download. You can do so by heading to Settings > General > Software Update and following the instructions. As always, it’s a decent idea to have a recent back-up in your locker before going ahead with the update.

iOS 14.4 arrived in January and brought new Bluetooth features, enabling users to classify a device types like speakers or headphones. The iPhone camera app is also able to capture smaller QR codes while there’s also a bug fix for a keyboard issue that prevented the correct language appearing in the Messaging app.