iOS 14.4.2, iPadOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 Address Serious WebKit Issue
While we await iOS 14.5 and related updates, Apple has released iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, as well as iOS 12.5.2 to address what appears to be yet another severe security vulnerability in WebKit:
Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
These updates come just weeks after updates for another WebKit vulnerability (see “iOS 14.4.1, iPadOS 14.4.1, macOS 11.2.3 Big Sur, and watchOS 7.3.2 Address WebKit Security Vulnerability,” 8 March 2021). You know the vulnerability is concerning because Apple is also updating the obsolete iOS 12. We presume that iOS 13 didn’t receive an update because Apple assumes all devices running iOS 13 could update to iOS 14.
We recommend installing this update sooner rather than later.
Here’s how to install the updates:
- iOS 14.4.2 and iPadOS 14.4.2: Install the iOS 14.4.2 update (203.9 MB on an iPhone 11 Pro) from Settings > General > Software Update. The iPadOS 14.4.2 update weighs in at 129.2 MB on a 10.5-inch iPad Pro.
- watchOS 7.3.3: Open the Watch app on your iPhone and go to My Watch > General > Software Update. It’s a quick update (60.6 MB on an Apple Watch Series 4) but does require that the watch be on its charger and charged to at least 50%.
As always, let us know in the comments if you notice any other changes after installing.
Thanks for the heads-up. My phone (an iPhone 6+) is still running 12 and I stopped checking for updates a long time ago. 12.5.2 is now installing. And 14.4.2 is installing on my iPod Touch.
Stupid question – I’m running the Apple public betas of 14.5 and associated Apple Watch 7.4. They were both updated this week. Do we ever know if updates like this are also in there somewhere? Presumably they will be before 14.5 is released, but what about now? I am so used to Apple Watch enabling login on my iPhone without entering a passcode when I’m wearing a mask that I can’t go back!
No. Apple never comments on such things and unless you are an expert in reverse engineering the code, there is no way to verify.
This update seems to have turned on “automatic updates”! I prefer to choose when to update, after checking there are no problems experienced by early adopters.
Just checked my iPhone 7 and the update to 14.4.2 did not turn on ‘automatic updates’. On the other hand, it did freeze the phone with iTunes saying it couldn’t connect anymore, and the phone stuck in an installing mode with the white Apple and the progress bar 90% across the screen but not moving for hours. I restarted the phone to find 14.4.2 installed and all good, so that was weird.
Did not turn on automatic updates here.
One odd thing I did notice is that I’m pretty sure I tapped download and install, but after a while all I saw was download complete and a ‘install’ button. I tapped that and the install started. Why the extra tap? Not sure I recall this always having been this way. iPhone wasn’t plugged in, but it was at 99% battery. Odd.
Annoyingly, the “Install” button has almost always been coming up for me, for quite some time. However, occasionally not - 1 out of 4 devices didn’t in this last update.
Adds a bit of suspense to the update process!
In our house I had 2 iPads and 1 iPhone pause waiting for me to tap “install” and one iPhone that didn’t.
Mine has Automatic updates on for Download iOS updates but Install iOS Updates is greyed out. I never set that option on before. (typically, I will do the iTunes backup, and then update the iOS.)
I turned it off.
You and me both. However, it did not turn on download updates on the devices I monitor, so it did not turn on install updates. If “automatic updates” is something different, I’m not on the same wavelength.
On an iPhone SE (the new model), download and install did just that. On an old iPhone SE (the old model) and on an iPad Air2, I needed to tap install. In my case, the need to tap install was on two old devices, and there was no need on one new device. Coincidence or conspiracy?
I doubt either. I did this on the latest and greatest iPhone so the second tap definitely isn’t somehow just required on older devices.
What I am finding weird is that my iPad Mini 4 on 14.4 is reporting that it’s up to date. There have obviously been two updates since then. I’m probably going to try to update it by connecting to my MacBook and running the update that way but it’d be nice if it actually found the update and ran on its own.
My iPhone 6 is packed away due to a move as is my iPad Mini 4. Hopefully I’ll remember to update them once unpacked later this year!
Just had to cancel my watch update. It started at only 10 minutes to download but then jumped from 7 minutes left to 14. Next it decided to pausethe download saying it would restart when I connected my iPhone to WiFi; only problem was the phone WAS connected to WiFi! When it decided to resume downloading, it said it would only take 2 days to download, then switched to saying it would take 6 days! The WiFi is working just fine and the phone and watch were only a couple of millimeters apart.
Apple strikes again!
For those with Watch 3 and have problems updating (not enough free space), I found updating directly on the watch seems to solve this issue.
On an iPhone 6 a further install button came up, its more or less exact wording had a time countdown and was: Your iPhone will install the update in xx secs [Install NOW] [Cancel].
Once the time was up, the update started automatically.
Automatic update stayed off.
It seems to be difficult for Apple to do things totally identical across various hardware. Surely an update function can’t be relying on specific hardware, or can it?
Face ID has started working for me after I installed iOS 14.4.2. It stopped working a few weeks ago, and I attempted to use Reset Face ID (Settings > Face ID & Passcode) without success. The interface for Reset Face ID also seems to have changed slightly. I don’t think I’ve seen anything about this in release notes. (iPhone 12)
It’s inconsistent though. My wife and I have 2 iPhone XS, 2 identical iPad airs, and watch 5…all three of hers got auto update turned on and only my iPad.
OK, woke up early and tried again. This time it only took less than 10 minutes to download but took 30 minutes for “Preparing” then I had to tap “Install” after which it took at least 15 minutes.
Next I updated my iPhone 10 which didn’t take as long and last my iPad Mini 5. Automatic download has remained off on all 3.
Updated iPhone and iPad without trouble. Watch impossible, either from iPhone app or directly from settings on watch. Either way I get a message on iPhone saying “Software Update Failed: An error occurred downloading the latest version of watchOS on your Apple Watch.” Anyone else seeing this? Suggestions?
Two watches here updated overnight without problems. Maybe try power off and on for the watch (and phone, if that doesn’t work)
Thanks for suggestion; unfortunately neither thing helped.
Another irritating change in a recent (I think) iOS update is the way the iPhone displays incoming calls when unlocked. The default is now “Banner” whereas I am used to “Full screen”. Unfortunately answering a call with a banner is tricky with clumsy fingers!
Settings/Phone/Incoming Calls …
As I recall, when IOS 14 was introduced, most reviewers hailed the change to a banner for phone calls as an improvement, as it didn’t rudely destroy focus on whatever they were currently working on. However, if you dislike it, you can go back to the full-screen interruption following the instructions here.
Note that many times when Apple changes an interface element, you can go back to the previous default through a preference setting.
Update; after multiple attempts to download finally one took and I’m updated. I guess it was just like lining up for the vaccine…
I wonder if Apple is seeing perturbations in its content delivery network, since I suffered from download failed errors on my M1 MacBook Air with macOS 11.2.3 for weeks. Eventually it managed to download, but nothing I could do made any difference (and other Macs updated fine). Your experience sounds similar, albeit with watchOS instead of macOS.
Both my iPhone 7 Plus and 6th generation iPad updated successfully, but accidentally, without a problem. I could not tell you how long it took, as they updated overnight, as they were charging. My preferences for updates remained the same; for automatic updates, Download iOS Updates is toggled to green and Install iOS Updates is toggled to gray. Which in my mind, I believe, will give me a badge that there is an update, have the update downloaded and ready to install, but not perform the update until I tell the device to do so. Which in practice never seems to happen, or happens inconsistently on both devices. Sometimes I get a badge, sometimes I don’t. Sometimes I get a download, sometimes I don’t. Sometimes I get a message saying it tried to update, but I was not plugged in and connected to Wi-Fi. Whenever I get that message the device always asks me if I want to update now, which I say no, and then has me enter my password to update overnight when plugged in and connected to Wi-Fi. I really don’t want that, but I don’t see a way of getting out of the screen without typing in my password, but as I usually charge my devices during the day, I am never too concerned that the the overnight update will take place; except for this time and on both devices. What exactly are the Software Update settings supposed to do? From reading all the above comments, it looks like each device seems to have a mind of its own regardless as to how the settings are toggled, or each person is readying something different into what the dialog boxes state (which is mostly the case for me).