Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers.
The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.
Apple explains in a security document that the minor update iOS 14.4.2 and iPadOS 14.4.2 blocks “maliciously crafted web content [that] may lead to universal cross site scripting.” This means a malicious website could gain access to information on other pages you have open on your device. Older devices can download iOS 12.5.2, which includes a similar patch.
Apple goes on to add that this vulnerability has already been exploited, although further details aren’t available.
Installing the update is simple: Launch Settings on your device, tap General, then Software Update. If your iPhone or iPad hasn’t already auto-installed the update, iOS or iPadOS 14.4.2 should be ready and waiting.
This security fix is available for iPhone 6s and later on the 14.4.2 patch, while 12.5.2 covers devices dating as back as iPhone 5S from 2013, which looks like solid support in our book.