I know there’s a ton of other Apple news happening today, but if you’re reading it on a Mac, iPhone, iPad, or Apple Watch (okay, that last one might be a stretch) you should probably pause and update that device – the update today, a security vulnerability fixes that Apple says possibly actively exploited.
The updates in iOS / iPadOS 14.5.1, macOS 11.3.1, and watchOS 7.4.1 are intended to fix arbitrary code execution exploits present in WebKit, Apple’s framework that renders most of the web content you see on your device (unless you’re using Chrome or Firefox on Mac, for example). In normal language, the updates patch a hole that allows malicious websites to run unchecked code on your device, so this is not the type of update you want to postpone.
If you have an older device, such as an iPhone 5 or 6, iPad Air or Mini 2 and 3, Apple has also released iOS 12.5.3, which fixes WebKit’s flaws.
If this story sounds a bit familiar, it’s because there are two recent updates, iOS 14.4 and 14.4.2, that have patched similar vulnerabilities. Even if you think you shouldn’t update because you’re using an alternate web browser on your Mac, or aren’t surfing the web on your Apple Watch (for obvious reasons), it’s still worth checking out all the devices you have. Working – WebKit can be used in unexpected places, and it’s never good to have security holes open on your devices, especially if exploited.