Apple has released updates for most of its current operating systems—iOS 14.4.1 and iPadOS 14.4.1, macOS Big Sur 11.2.3, and watchOS 7.3.2—to address a single security issue in WebKit that could let attackers execute arbitrary code from a Web page. Separately, Apple updated Safari 14.0.3 (8 March 2021) to new builds for 10.15 Catalina and 10.14 Mojave.
The language in the security notes linked above is standard phrasing, but the fact that Apple would update all its operating systems and the relevant bits in Catalina and Mojave suggests that the vulnerability is serious.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
If you’re already running the latest versions of Apple’s operating systems, we recommend installing these updates sooner rather than later due to their narrow scope and the likely severity of the vulnerability.
Here’s how to install the updates:
- iOS 14.4.1 and iPadOS 14.4.1: Install the 143.6 MB iOS 14.4 update (on an iPhone 11 Pro) from Settings > General > Software Update. The iPadOS 14.4 update weighs in at 84.1 MB on a 10.5-inch iPad Pro.
- macOS Big Sur 11.2.3: Use System Preferences > Software Update to install the 2.44 GB update.
- watchOS 7.3.2: Open the Watch app on your iPhone and go to My Watch > General > Software Update. It’s a quick update (60.4 MB on an Apple Watch Series 4) but does require that the watch be on its charger and charged to at least 50%.