You know that age-old advice to wait before updating a device, just in case? Ignore that. Update your iPad now. Update your Apple Watch right now. Update your iPhone now. Don’t even finish this article, update your stuff and come back. Apple has just solved a major problem.
Apple today started rolling out iOS 1
Unfortunately, the vulnerability patched by Apple is a zero-day, meaning some bad actors have already taken advantage of it. Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group first reported this under CVE-2021-1879. Apple admits on a support page that it is aware of at least one report that “this problem may have been actively exploited.”
The problem stems from the Webkit browser engine and allows malicious actors to perform universal cross-site scripting attacks by tricking users into visiting a maliciously crafted web page or other web content. A cross-site scripting attack allows the hacker to obtain information from other web pages you have opened on your iPad, iPhone or Apple Watch. If you think about that carefully, you can imagine how bad that could be.
You’ll be safe with the update (although you should still be careful when visiting new websites), so update your stuff now. You don’t want to postpone this. You can now start the updates by running an “update check” on each of your devices.