



(Photo courtesy of Jaap Arriens / NurPhoto, via Getty Images)

Hackers may be exploiting a previously unknown flaw in iOS.

On Friday, Apple issued a security patch for a vulnerability in iOS 14. The flaw could pave the way for an attacker to execute malicious code on an iPhone. “Apple is aware of reports that the issue may have been actively abused,” the company warned.

Apple didn’t go into details, but the vulnerability is in WebKit, Safari’s browser engine. Because of a software error, specially crafted web content can cause WebKit to execute untrusted code in the browser, an attack known as universal cross-site scripting.

Hackers could exploit this vulnerability by developing a booby-trapped website. Links to malicious websites can be sent to unprotected victims via social media or email. Another approach is for hackers to tamper with existing websites by secretly embedding malicious web content in their pages.

With a cross-site scripting attack, hackers can steal Internet cookies and session tokens from the Safari browser, opening the door to account hijacking.

Two Google security researchers discovered the vulnerability and reported it to Apple. To patch this flaw, Apple states that it has “improved object lifetime management” within WebKit.

This vulnerability affects iPhone 6s and above, all iPad Pro models, iPad Air 2 and above, and iPad 5th generation and above. The company’s patches arrive as iOS 14.4.2 and iPadOS 14.4.2. To update your iPhone, go to Settings > General > Software Update. The device can also update automatically if you turn on automatic updates.

Apple has also released a patch for watchOS. It arrives as watchOS version 7.3.3.

