[ad_1]
Apple iPhone and iPad users, it’s time to install another iOS upgrade.
On Friday March 26, Apple released emergency updates for iOS and iPadOS to fix a zero-day flaw in WebKit, the browser rendering engine underlying Safari and other browsers running on the devices. Apple mobiles.
Apple’s security advisory dryly noted that “Apple is aware of a report that this problem may have been actively exploited” ie it is already being used to hack iPhones and devices. iPads. Updating the device to iOS 14.4.2 and iPadOS 14.4.2 fixes the issue.
“Zero day” security vulnerabilities are those that are used in attacks before software developers are aware of the vulnerabilities – developers have “zero days” to correct the vulnerabilities.
How to update your iPhone or iPad
Fortunately, updating an iPhone or iPad is a snap. In most cases, you will simply receive a notification that an update is ready. Tap on it to continue.
You can also force an update by making sure your device is connected to the internet through a local Wi-Fi network, then going to Settings> General> Software update and tapping Download & Install.
If there is no Wi-Fi available, you can attach your iDevice to a previously “trusted” computer using a USB cable. On Macs running macOS 10.15 Catalina or later, the phone should appear in Finder. On Macs running macOS 10.14 Mojave or earlier, open iTunes, where iPhone should appear.
Locate the iPhone page in Finder or iTunes, click General or Settings, then click Check for Updates. If an update appears, click Download and Update.
Very bad indeed
The flaw allows a malicious website or webpage to trigger “universal cross-site scripting” in WebKit, Apple says.
That would be really, really bad, because it means that people who don’t do good can embed code into websites that can redirect you to malicious websites or even steal information, such as passwords or numbers. credit card, from your browser.
This is the second emergency update for iPhones and iPads this month, following a patch earlier in March that fixed another WebKit flaw.
Apple said this new issue “has been addressed through better handling of object lifetimes,” although we can only really guess what that means.
Credit for finding the flaw went to Clément Lecigne and Billy Leonard, both researchers from Google’s threat analysis group.
We take a look at how our readers are using VPN for an upcoming in-depth report. We would love to hear from you in the poll below. It won’t take more than 60 seconds of your time.
>> Click here to start the survey in a new window <
[ad_2]
Source link