iOS 14.4.2, iPadOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 Address Serious WebKit Issue

While we await iOS 14.5 and related updates, Apple has released iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, as well as iOS 12.5.2 to address what appears to be yet another severe security vulnerability in WebKit:

Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.

iOS 14.4.2 release notesThese updates come just weeks after updates for another WebKit vulnerability (see “iOS 14.4.1, iPadOS 14.4.1, macOS 11.2.3 Big Sur, and watchOS 7.3.2 Address WebKit Security Vulnerability,” 8 March 2021). You know the vulnerability is concerning because Apple is also updating the obsolete iOS 12.  We presume that iOS 13 didn’t receive an update because Apple assumes all devices running iOS 13 could update to iOS 14.

We recommend installing this update sooner rather than later.

Here’s how to install the updates:

  • iOS 14.4.2 and iPadOS 14.4.2: Install the iOS 14.4.2 update (203.9 MB on an iPhone 11 Pro) from Settings > General > Software Update. The iPadOS 14.4.2 update weighs in at 129.2 MB on a 10.5-inch iPad Pro.
  • watchOS 7.3.3: Open the Watch app on your iPhone and go to My Watch > General > Software Update. It’s a quick update (60.6 MB on an Apple Watch Series 4) but does require that the watch be on its charger and charged to at least 50%.