Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones and iPads who are still on the officially-supported iOS 12 version need to patch.
Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
This vulnerability affects WebKit, Apple’s core web browser code. A security flaw in WebKit affects any browser you have installed, including Apple’s built-in Safari app, and could affect many other apps if they have any program options that pop up a web window to show you information.
Moreover, all websites you visit are affected by the bug, at least in theory, including sites with no security holes of their own. You need to patch the vulnerability for yourself, because the bug is in your browser, not in any individual web server. You can’t sidestep the bug simply by avoiding specific web servers until they get patched.
Update to following versions:
To check whether you have the latest version, and to install it right away if you don’t, go to Settings > General > Software Update.