You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: thompsojDplc
thompsojDplc Author
User level: Level 1
4 points

What is the update include 14.4.2

14.4.2 what does it include and how does it effect my phone

iPhone XR, iOS 14

Posted on Mar 27, 2021 4:58 AM

Reply
Question marked as Top-ranking reply
User profile for user: TRF77T
TRF77T
User level: Level 1
11 points

Posted on Mar 27, 2021 5:27 AM


This update, per the notes, improved management of web object lifetimes based on a report by Google security team members.


While connected to maliciously crafted web content there was a risk of universal cross site scripting that could compromise your data. Apple became aware via that report - this particular issue “may have been actively exploited”.


So no definite knowledge of malware exploiting it in the wild - but it is wise to do the update to avoid being a Day 0 victims somewhere down the road. Such “double dot” updates will be rolled-up into 14.5 anyway, but you’d be exposed to a real-world update in the meantime.

View in context

Similar questions

3 replies
Question marked as Top-ranking reply
User profile for user: TRF77T
TRF77T
User level: Level 1
11 points

Mar 27, 2021 5:27 AM in response to thompsojDplc


This update, per the notes, improved management of web object lifetimes based on a report by Google security team members.


While connected to maliciously crafted web content there was a risk of universal cross site scripting that could compromise your data. Apple became aware via that report - this particular issue “may have been actively exploited”.


So no definite knowledge of malware exploiting it in the wild - but it is wise to do the update to avoid being a Day 0 victims somewhere down the road. Such “double dot” updates will be rolled-up into 14.5 anyway, but you’d be exposed to a real-world update in the meantime.

Reply
User profile for user: RTV AUDIO VISUAL
RTV AUDIO VISUAL
User level: Level 1
4 points

Mar 29, 2021 4:21 PM in response to TRF77T

ipad 12.9 pro


just obtained an update 1-2 weeks ago, was this exploit missed? Emulating this update, it appears, email and other installed apps focused on social media and some browsers have issues if revisions/ patches are applied. Appears issues with telephone communications might occur where IPhone/ IPad/ Mac OS are linked through ICloud services. Also noted, on iMac a new remote support service/ Chinese language support/ etc. etc.... exist that previously did not exist on Imac, late 2013 model 27inch. Core i5. This is cache support which was not ever requested by the end user. Having edited this out of the OS user profile, it’s stands to reason why one might ask specifics be provided.


reference;

https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/


and;


https://bgr.com/2021/03/29/iphone-security-update-ios-14-4-2-ios-12-5-2-safari-webkit-zero-day/


cc: DHS, NSA; osbpp; et al...





Apple can you provide more specifics please?

Reply

What is the update include 14.4.2

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up