Recently, two different security researchers (Clement Lecigne of Google’s Threat Analysis Group, and Alison Huffman from Microsoft’s Browser Vulnerability Research Group) discovered a pair of serious security vulnerability impacting Apple devices.
The bugs, tracked as CVE-2021-1844 and CVE-2021-21166 respectively, are browser-based memory issues that could have allowed remote code execution if the victim navigated or was directed to a website embedded with malicious code.
Apple moved quickly and issued a patch for the first, and the second was actually an issue in Google Chrome for Apple users, patched with the release of Chrome 89. Apple’s iOS updates are available for the iPhone 6 and later, the iPad Air 2 and later, the iPad mini 4 and later, and the iPod touch (7th Generation). The Apple releases you want are: macOS Big Sur 11.2.3, iOS 14.4.1, and iPad OS 14.4.1, depending on the type of device you have.
iOS 14.4.1 is the version containing the bugfix, and although there’s no evidence of either bug being used in the wild, it’s just a matter of time before that happens. So if you haven’t already updated to that version of iOS, you’ll want to make doing so a priority. Note too that the update is 138MB and is quite significant. It contains a number of small enhancements, in addition to the bug fix itself.
Kudos to Apple, Google, and Microsoft for their keen eyes and rapid responses in this case. These issues, and their accompanying security patches certainly won’t be the last such issues we see this year. In this case though, the responses of all three companies were exemplary and should serve as an example to everyone.
In any case, if you have already updated as described above, there’s nothing else for you to do. If you haven’t yet, do so at your next opportunity, and you’ll have one less thing to worry about.
