Apple has released iOS 14.4.1 and iPadOS 14.4.1 with important security bug fixes.
The update fixes a vulnerability in WebKit, which allowed maliciously crafted web content to execute arbitrary code. The changelog doesn’t mention anything other than “this update provides important security updates and is recommended for all users.”
Apple’s security page now includes information about iOS 14.4.1 and iPadOS 14.4.1. The page mentions the now-patched WebKit vulnerability:
- Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research
To download the software update on an eligible iPhone or iPad, tap on the Settings app, go to General, and then Software Update.