Apple pushes iOS 14.4.2 to fix security flaw that could be exploited by malicious websites

After pushing the iOS 14.4.1 update several weeks ago to address a web browser security issue, Apple has just released iOS 14.4.2 to address another security concern. This comes after Google Project Zero discovered 11 zero-day exploits that are being actively used to hack Android, Windows and iOS devices.

For older devices that can’t run iOS 14, like the iPhone 6 or older, Apple is also pushing iOS 12.5.2, which addresses the same security concerns. If you haven’t received a notification, go to Settings > General > Software Update to download iOS 14.4.2. The iOS 14.4.2 update is about 200MB in size.

Apple’s description lists the impact of the flaw as “Processing maliciously crafted web content may lead to universal cross site scripting”. Apple added that it is aware of a report that the issue may have been actively exploited. It credited Clement Lecigne and Billy Leonard of Google Threat Analysis Group.

As reported earlier, Google’s Project Zero team had discovered several exploits in which a couple dozen websites could redirect vulnerable users to exploit servers. One server was dedicated to attacking iOS and Windows users, while another was focused on Android users. The team also reported that the hackers had “advanced knowledge” to bypass the security systems of “well-fortified OSes and apps that were fully patched”.

Alexander Wong