Apple issued an emergency fix earlier this month for WebKit with iOS 14.4.1, Big Sur 11.2.3, and Watch OS 7.3.2. Now it has issued a second emergency patch for another WebKit vulnerability, which is the engine that underlies much website and HTML processing, most notably for Safari. This vulnerability, discovered by Google, addresses an issue where,
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
Description: This issue was addressed by improved management of object lifetimes.Apple
To resolve this, you’ll need to update your iOS device to iOS 14.4.2 or older iOS devices to iOS 12.5.2 and your Apple Watches to WatchOS 7.3.3.
Interestingly, as of the time of this writing there are not patches for Mac OS or Safari for Mac OS. It’s possible that the patches are still coming, or that Mac OS is not currently affected by this bug. This article will be updated should a patch be released.
You can see all the security patches on Apple’s security release page: https://support.apple.com/en-us/HT201222