The company did not disclose the number of users who were affected. Apple employees urge everyone to update their devices.
Kiev. Ukraine. Ukraine Gate – March 29, 2021 – Technology
Apple has released a small security update for iPhone, iPad, and Apple Watch. It blocks “maliciously crafted web content that leads to universal cross-site scripting.” According to company representatives, this vulnerability has already been exploited in real attacks.
XSS (cross-site scripting) is a type of attack that occurs when an attacker tries to inject a script into a page issued by a web application and execute it in the client’s browser. This is usually done when new HTML, JavaScript, or CSS markup is being injected. There are plenty of places in HTML where you can add an executable script to a page, and browsers provide many ways to do this. Any input to the web application, such as HTTP request parameters, is capable of injecting code.
Apple said the vulnerability that security researchers discovered in Google Project Zero may have been “actively exploited” by hackers. The bug was found in WebKit, the browser engine that powers the Safari browser on all Apple devices.
It is not known who actively exploits vulnerabilities or who could become a victim. Apple did not say how many users might have been affected. This is the third time that Apple has released a security-only update this year to fix flaws in an active attack. Earlier this month, the company released patches for similar vulnerabilities in WebKit.
Read Also: Apple Opens Another Vacancy in Ukraine
Source: Ukrgate
