Security News > 2021 > March > Patch alert for Apple fans: Cybercrooks have already been exploiting this flaw in iPhones, iPads, and watches

Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google.

According to Apple, the flaw allows for the creation of "Maliciously crafted web content," which "May lead to universal cross-site scripting." Apple has heard that the code snafu "May have been actively exploited."

Cupertino also warned iOS 12.5.2 users with older kit - iPhone 5s, 6, and 6 Plus holdouts, and those using the same code on an iPad - to update for the same flaw.

On Thursday Cisco urged Jabber users to patch immediately after the discovery of flaws that allow code execution, data theft, and/or simply crashing the entire system, along with a couple of serious OpenSSL issues for good measure.

"Sierra Wireless maintains a clear separation between its internal IT systems and its customer-facing products and services. Sierra Wireless believes that the impact of the attack was limited to Sierra Wireless' internal systems and corporate website, and that its products and connectivity services were not impacted, and its customers' products and systems were not breached during the attack," it said.

Google didn't just help sort its own zero-day flaws, but those of Microsoft and Apple as well.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/29/in_brief_security/