Apple has unexpectedly released iOS 14.4.1, which fixes a vulnerability in WebKit, so that malicious web content won’t have its way. Apple describes this as “A memory corruption issue was addressed with improved validation”.
The security updates to iOS 14.4.1, iPadOS 14.4.1, macOS 11.2.3 and watchOS 7.32 come a little over a month after the 14.4 release in January.
A Common Vulnerabilities and Exposures number has been created for the vulnerability — CVE-2021-1844 — but as of now, further details have not been disclosed. Apple credited the discovery of the vulnerability to Clément Lecigne of Google LLC’s Threat Analysis Group and Alison Huffman of Microsoft Corp.’s Browser Vulnerability Research team.
Although Apple as usual is a little vague on how serious the vulnerability is, its release of an update without going through developer or public testing suggests it’s a serious vulnerability that needed to be urgently addressed. The unexpected update also comes before the release of iOS 14.5, which is currently in its beta 3 build and is expected to be released sometime later this month.
Apple is encouraging all iPhone, iPad, Mac and Apple Watch users to install the update. The updates are available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, iPod touch (7th generation), macOS Big Sur and Apple Watch Series 3 and later.
iOS 14.4.1 is available as a free software update starting today for iPhone 6s and later. If you don’t receive an automatic update notification, you can trigger the update manually by navigating to Settings > General > Software Update.