Two weeks after the release of the iOS 14.4.1 update, Apple released an emergency update for iPhone, iPad, and Apple Watch, fixing a system security vulnerability that was likely to be exploited in a hacker attack. The patch will update the system version to 14.4.2 for iOS and iPadOS and to 7.3.3 for watchOS. Older devices will be updated to iOS 12.5.2.
According to Apple, the vulnerability discovered by security researchers from Google Project Zero could be "actively exploited" by hackers. The bug was found in the WebKit browser engine, which is the basis of the Safari browser on all Apple devices.
According to the Cupertino company, all users are recommended to urgently install the iOS 14.4.2 update as it patches a severe vulnerability of the Webkit engine for the Safari browser. Due to this flaw, attackers could gain access to private user data. It doesn't matter if you are using Safari or another third-party browser. In addition to iOS 14.4.2, Apple also released iPadOS 14.4.2 with a similar patch that fixes security vulnerabilities.
In addition, Apple has released corresponding security updates for iOS and iPadOS 12.5.2 for older devices, such as iPad Air, iPad mini 2, iPad mini 3, iPhone 5s, iPhone 6, iPhone 6 Plus and iPod touch 6th generation.
The company did not disclose who exploited the vulnerability and who might have been the victim, or whether the attack targeted a small group of users or was a broader attack. However, the fixed security vulnerability could expose the personal information of users to potential hackers. This is Apple's third security update this year.