Major Apple Bug Threatens Browser Security

John Lister's picture

Apple has warned users to check their portable devices to ensure they are up to date. A bug that affects iPhones, iPads and Apple Watches may already be under attack by hackers.

The bug affects WebKit, which is the underlying software for Safari and any other web browsers which use Apple's operating system iOS. Specifically, it covers the way web content appears and the way browsers keep track of which sites a user has recently visited, allowing features such as the browser back button to work properly.

Apple isn't giving many details of exactly how the bug works or could be exploited, which is common practice when there's still a risk it could be exploited before users are patched.

Browser Itself a Danger Point

All Apple is saying right now is that "processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited." (Source:

Ordinary cross site scripting takes advantage of a compromised web page to access data through a web browser. This could mean attackers getting information from cookies or posing as the user on other sites. It also helps make some social engineering attacks more convincing and easier to pull off, which could lead to malware attacks.

The problem here is universal cross site scripting (XSS). That's particularly problematic as it means exploiting a bug in a browser or associated software, rather than a web page. That can mean attackers getting access to information exchanged with multiple websites even if those sites are themselves secure.

Most Apple Devices Updatable

Users need to check their devices via the Settings Tool -> Software Update option to ensure devices are updated. The correct patch level is iOS 14.4.2 or Apple Watch OS 7.3.3, which includes a fix for the bug. The update is available for the following devices:

  • iPhone 6s and later iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)
  • Watch Series 3

    In all cases, the update should roll out automatically. (Source:

    What's Your Opinion?

    Do you use Apple portable devices? Do you assume they are more secure than rival brands and systems? Do you check manually for updates or just leave it to update automatically?

  • Rate this article: 
    Average: 5 (9 votes)


    dbrumley3077's picture

    I generally wait for information on iOS updates from a site such as this, unless it is a critical update, in which case I will update the OS. I do not use auto updates in case of a bug or other issue that may have infected an update.

    I have an iPhone SE which did get this update, but I do not see it listed in your article, nor is my iPhone X, which also got the update.