Apple releases unexpected updates for WebKit vulnerability

Get a free Techzine subscription!

Apple released software updates on Monday for its iPhone, Mac computers, iPads, and Apple Watch product lines. The updates were to address a vulnerability in the WebKit engine which powers the Safari browser.

The security updates come a little over a month after the release of iOS 14.4 in January. They include iOS 14.4.1, iPadOS 14.4.1, macOS 11.2.3 and watchOS 7.32. They address a memory corruption problem in the WebKit, according to Apple.

The vulnerability allows malicious web content capable of exploiting the WebKit vulnerability to get into the devices.

Apple is not telling but it seems the flaw was serious

Even though the flaw has already been assigned a Common Vulnerabilities and Exposures number, no further details have been provided by the company.

The vulnerability is tracked as CVE 2021-1844. Apple credited the discovery to Clément Lecigne, of Google’s Threat Analysis Group and Alison Huffman of Microsoft’s Browser Vulnerability Research team.

Apple is a little vague on how serious the vulnerability was. However, since it chose to release an update without going through a developer or any testing, we can only assume that it must have been serious enough to warrant a response like this.

Install the update

The unexpected update comes before the company release iOS 14.5, which is currently in its beta 3 build and is expected to roll out before April.

Apple is encouraging all iPhone 6 and later owners as well as those with the iPad Air 2 and later, iPad mini 4 and later, iPod touch (7th Gen), macOS Big Sur, and Apple Watch Series 3 and later, to install the new update.

The updates can be installed on iOS and iPad manually from the settings app. Mac users need to go to the System Preferences menu and Apple Watch users can use ‘My Watch’ to install the update.