large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Apple issues iOS 14.4.2 with critical security fix for active web vulnerability

Apple has launched a critical software update for iPhone and iPad that closes off a security vulnerability that had been actively exploited in the wild.

The company has released iOS and iPadOS 14.4.2, which it says whacks an issue that enabled a bad actor to engage in cross-site scripting. The implication being that a nefarious sort could remotely harvest information from a site you have open on your Apple device.

We often see Apple post security updates for vulnerabilities, but it isn’t often we see evidence those vulnerabilities have been exploited in the wild. In this instance, Apple says it knows of one person who has used the vulnerability, which has been fixed via ‘improved management of object lifetimes.’

In a post on Apple’s support site (spotted by MacRumors), the company writes: “Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.”

The update comes just a few weeks after iOS/iPadOS 14.4.1 also brought security fixes. That also spoke of: “Processing maliciously crafted web content may lead to arbitrary code execution.” This makes todays update the second security fix for the iOS 14.4 update early in the New Year.

Related: Best iPhone

This is probably an update you shouldn’t wait too long to download. You can do so by heading to Settings > General > Software Update and following the instructions. As always, it’s a decent idea to have a recent back-up in your locker before going ahead with the update.

iOS 14.4 arrived in January and brought new Bluetooth features, enabling users to classify a device types like speakers or headphones. The iPhone camera app is also able to capture smaller QR codes while there’s also a bug fix for a keyboard issue that prevented the correct language appearing in the Messaging app.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.