An emergency update has been created in response to a zero-day exploit which allows access to users private data through a browser bug on Apple mobile devices. Update your Apple mobile devices today including iPhones, iPads and Apple Watches, with Apple’s latest emergency patch. This includes older iPhone and iPad devices on IOS 12.
Apple have stated that the vulnerability is “Processing maliciously crafted web content that may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.”
Cross Site Scripting (XSS) is web security vulnerability which can allow an attacker to steal credentials and masquerade as a user, to carry out any actions that the user is able to perform, and to access any of the user's data. If successful, an attacker can gain full control of a user’s profile and/or application.
As this particular vulnerability is a universal XSS bug, it can affect all websites you visit on your device, rather than a specific site. To protect yourself from this exploit you will need to update your Apple devices as the bug is in your browser.
You will need to patch the vulnerability yourself by updating your own devices.
How to update your Apple Device:
To update your devices and check the latest install, go to Settings > General > Software Update.
If your device is on the following or previous versions, you will need to urgently update:
- iOS 14 (recent iPhones): update to 14.4.2
- iOS 12 (older iPhones and iPads): update to 12.5.2
- iPadOS 14: update to 14.4.2
- watchOS: update to 7.3.3
If you would like more information about how to secure your devices please call Sprout IT today on 020 7036 8530 or email us here.