You are here

HomeJohn Lister › Major Apple Bug Threatens Browser Security

Major Apple Bug Threatens Browser Security

John Lister's picture
by John Lister on March, 30 2021 at 01:03PM EDT

Apple has warned users to check their portable devices to ensure they are up to date. A bug that affects iPhones, iPads and Apple Watches may already be under attack by hackers.

The bug affects WebKit, which is the underlying software for Safari and any other web browsers which use Apple's operating system iOS. Specifically, it covers the way web content appears and the way browsers keep track of which sites a user has recently visited, allowing features such as the browser back button to work properly.

Apple isn't giving many details of exactly how the bug works or could be exploited, which is common practice when there's still a risk it could be exploited before users are patched.

Browser Itself a Danger Point

All Apple is saying right now is that "processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited." (Source: apple.com)

Ordinary cross site scripting takes advantage of a compromised web page to access data through a web browser. This could mean attackers getting information from cookies or posing as the user on other sites. It also helps make some social engineering attacks more convincing and easier to pull off, which could lead to malware attacks.

The problem here is universal cross site scripting (XSS). That's particularly problematic as it means exploiting a bug in a browser or associated software, rather than a web page. That can mean attackers getting access to information exchanged with multiple websites even if those sites are themselves secure.

Most Apple Devices Updatable

Users need to check their devices via the Settings Tool -> Software Update option to ensure devices are updated. The correct patch level is iOS 14.4.2 or Apple Watch OS 7.3.3, which includes a fix for the bug. The update is available for the following devices:

  • iPhone 6s and later iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)
  • Watch Series 3

    In all cases, the update should roll out automatically. (Source: techradar.com)

    What's Your Opinion?

    Do you use Apple portable devices? Do you assume they are more secure than rival brands and systems? Do you check manually for updates or just leave it to update automatically?

    • Filed under:
    Security
    | Tags:
    bug
    ,
    devices
    ,
    ipad
    ,
    security update
    ,
    apple
    ,
    web
    ,
    xss
    ,
    cross site scripting
    ,
    ios
    ,
    security
    Rate this article: 
    Average: 5 (9 votes)

    Comments

    dbrumley3077's picture

    Submitted by dbrumley3077 on Tue, 03/30/2021 - 16:08

    I generally wait for information on iOS updates from a site such as this, unless it is a critical update, in which case I will update the OS. I do not use auto updates in case of a bug or other issue that may have infected an update.

    I have an iPhone SE which did get this update, but I do not see it listed in your article, nor is my iPhone X, which also got the update.

    Need Help? Ask!



    My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

    We are BBB Accredited

    We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.