Apple has released iOS 14.4.1 and iPadOS 14.4.1. This minor security update patches a vulnerability in WebKit, Safari’s rendering engine, that can be exploited to execute arbitrary malicious code.
The vulnerability in WebKit can lead to memory corruption while processing maliciously crafted content, which can be exploited to execute arbitrary malicious code, but now this loophole has been closed.
Here is the change log
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research
The download should already be available to all of the supported iPhones and iPads and it is recommended that you install the new iOS 14.4.1 and iPadOS 14.4.1 updates on your devices. You can also check for the update manually through Settings > General > Software Update.
Apple says that the company cannot disclose, discuss, or confirm security issues until an investigation is complete and patches are rolled out to all users. Apple has also addressed the same memory corruption issue on Mac computers running on macOS Catalina and macOS Mojave by bringing Safari 14.0.3.
We are also expecting Apple to release iOS 14.5 later this month, so this update must be important, otherwise, Apple could have waited until iOS 14.5 to fix the issue.
