Security News > 2021 > March > Apple devices get urgent patch for zero-day exploit – update now!
Apple has just pushed out an emergency "One-bug" security update for its mobile devices, including iPhones, iPads and Apple Watches.
Just like the last emergency Apple patch, this vulnerability affects WebKit, Apple's core web browser code.
As a result, even browsers such as Firefox, as well as Google Chrome and Microsoft Edge, are forced to rely internally on WebKit when they run on Apple devices.
The Same Origin Policy dictates that only web content served up by website X is allowed to access stored data, such as web cookies, that relate to site X. As you probably know, web cookies and local web storage exist so that websites can keep track of you between visits.
As you can imagine, if website X could send out JavaScript code to access the cookies and local web data of website Y, that would be a security disaster.
You need to patch the vulnerability for yourself, because the bug is in your browser, not in any individual web server.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)