Apple has fixed a zero-day vulnerability exploited in the wild in the latest security updates for iOS iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3.
An attacker could exploit this vulnerability to take control of affected devices.
The latest iOS 14.4.2 and iPadOS 14.4.2 security update addressed one webkit vulnerability CVE-2021-1879.
“Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited,” Apple stated in the advisory.
The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Moreover, Apple also patched the same CVE-2021-1879 in Apple watchOS 7.3.3 and iOS 12.5.2 (in older iPhone models).