Apple releases iOS and macOS updates patching a WebKit vulnerability
Apple has recently released updates to iOS and macOS. The update fixes a memory corruption issue within WebKit, Safari browser's underlying framework. The vulnerability may have allowed web pages to execute code on your device using "maliciously crafted web content." The company says that updating to iOS version 14.4.1 and macOS version 11.2.3 is important and recommended for all users.
Update prevents jailbreaking of Apple devices using unc0ver utility
Do note that updating to iOS version 14.4 prevents jailbreaking of devices using the recently released utility from hacker group unc0ver. A bug in iOS 14.3 allowed an application to escalate its privileges without user consent. The privileges could then bypass Apple's baked-in security. This loophole was leveraged by unc0ver. The jailbreak utility only works for iOS versions 11 through 14.3.
Threat was identified by security researchers at Google and Microsoft
The brief release notes for the update instruct users to visit the Apple security webpage for details. The web page details the vulnerability, uniquely identifiable by the code CVE-2021-1844. It says a memory corruption issue was addressed with improved validation. The threat was identified by security researchers, Clément Lecigne of Google's Threat Analysis Group and Alison Huffman from Microsoft Browser Vulnerability Research.
These are the devices for which the update is available
The iOS update is available for iPhone 6S and later, iPad Air 2 and later, iPad mini 4 and later, and the seventh-gen iPod touch. To install the update on your device, navigate to the Settings app > General > Software Update. The macOS update can be installed by opening the System Preferences menu and clicking on Software Update.
WebKit framework enables Apple apps to use web-based features
Apple's WebKit framework enables applications designed for the Apple ecosystem to display web-based content scripted in languages such as HTML, CSS, and JavaScript. It allows users to navigate between pages, manage a forward-backward list of recent web pages, and use other features on web-based apps. As WebKit affects the functioning of all apps, the vulnerability couldn't be fixed by just a Safari browser update.
