Date: 2021-03-27

If you own an iGadget, chances are you are receiving a notification about a new update to your operating system. We have good news and bad news – the bad news is that the update will not bring any new features or performance improvements to your device. The good news is that it will fix a critical security flaw that, according to Apple itself, criminals are already exploiting to attack unprotected users; that said, Canaltech recommends that you update immediately.

There are three updates in total: iOS 14.4.2 (for newer iPhones), watchOS 7.3.3 (for Apple Watch smartwatches) and iOS 12.5.2 (for older devices, including iPhone 6, iPhone 5s, the third-generation iPad mini, the first-generation iPad Air and the sixth-generation iPod touch). The fact that Apple went to the trouble of developing a patch even for such old gadgets – which are also exposed to the bug – is further proof of how serious it is.

The problem lies with WebKit, the engine used to render web pages. It is used in Safari, but it has also been “borrowed” and is present in other famous browsers such as Opera, Chrome and OmniWeb. The vulnerability allows an attacker to launch arbitrary cross-site scripting (XSS) attacks, so malicious code can be executed even on legitimate and trusted sites. Everything indicates that this is already happening; hence the importance of updating as quickly as possible.

It is worth remembering that watchOS does not have a browser of its own, but it is possible to browse the web on it if someone sends you a link via a messenger; thus, we can conclude that this “hidden browser” also uses WebKit and, therefore, is equally vulnerable. The updates are very light, ranging from just over 50 MB for watches to around 170 MB for iPhones and iPads.