iOS 14.4.2, iPadOS 14.4.2 and watchOS 7.3.3

enaph

Level 28
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,787
Released March 26, 2021

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.

Description: This issue was addressed by improved management of object lifetimes.

CVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
I would honestly jump on these "dot release" updates where the changelog basically only mentions 1 or 2 security bugs that are "actively exploited". That seems to be Apple speak for "drive by exploits". The releases that have a bunch of features/improvements mentioned are worth holding off on a little, but as a security minded person, these should be treated the same way you'd treat an out-of-band Microsoft security update.
 

enaph

Level 28
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,787
F

ForgottenSeer 85179

Updated my iPhone XS Max to iOS 14.4.2

Downloaded the full software from Download iOS Firmware for iPhone, iPad, iPod Touch, Apple Watch, Apple TV and HomePod / IPSW Downloads and then updated using iTunes. That way I can download the software files using IDM for the best download speed.
It doesn't make sense doing this. Loading full update instead of OTA need more time and consume more power for no advantage.
Using external tools for important OS updates is also a lot higher attack surface ❗

This should never be done over PC if not necessary.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
It doesn't make sense doing this. Loading full update instead of OTA need more time and consume more power for no advantage.
Using external tools for important OS updates is also a lot higher attack surface ❗

This should never be done over PC if not necessary.
I have been using iPhones since 2015 and installing updates over OTA has always caused issues and bugs, at least for me. The site, which I have been using for years, fetches updates directly from Apple, and iTunes does verify the update file which is signed by Apple. I am not sure if you thought that I used “external tools” meaning sth other than iTunes, but what I did is sth that consumes time but spares me from annoying bugs and unwanted issues.
 

jetman

Level 10
Verified
Well-known
Jun 6, 2017
470
I understand that Apple has also patched iOS 12 due to this issue, presumably to help protect unsupported devices.
So I think this security update must be pretty important. It also suggests that iOS has been vulnerable for several years.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top