Apple today released iOS 14.4.2 and iPadOS 14.4.2. The update is available for the iPhone 6s and later, all iPad Pro models, the iPad Air 2 and later, the iPad 5th generation and later, iPad mini 4 and later, and the iPod touch (7th generation).
You should not waste time as it is in your best interest to install this update ASAP. That’s because Apple says that with this issue not fixed, “maliciously crafted web content may lead to universal cross site scripting.” This could allow attackers to load scripts into websites that you’ve previously opened.
Depending on the website that is attacked, the universal cross site scripting could result in a range of issues from those that are nothing more than a nuisance to those that are serious safety concerns including the theft of a user’s personal data. Apple did say on its support page that it is “aware of a report that this issue may have been actively exploited.” To fix the exploit, Apple reported “This issue was addressed by improved management of object lifetimes.”
Earlier this month Apple released iOS and iPadOS 14.4.1 to repair an issue with the WebKit open source browser engine that powers Safari, Google Chrome, and many other mobile browsers. To Download and Install iOS or iPadOS 14.4.2 on your compatible iPhone, iPad or iPod device, go to Settings > General > Software Update. For older devices, Apple has released the security updates as iOS 12.5.2 and iPadOS 12.5.2.