Apple today released iOS 14.4.2 and iPadOS 14.4.2, both minor security updates that fix a security vulnerability that has been actively exploited. The updates come nearly three weeks following the release of iOS 14.4.1 and iPadOS 14.4.1.
iOS 14.4.2 and iPadOS 14.4.2 are available as an over-the-air update on eligible devices, in the Settings app. To access the new software, go to “Settings” -> “General” -> “Software Update.”
According to Apple’s release notes, the update offers important security updates and is recommended for all users. An Apple security support document says that the update fixes a vulnerability that was actively exploited.
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Apple has fixed the issue by improved management of object lifetimes.
iOS 12.5.2 and iPadOS 12.5.2 security updates are available for older devices.