TeamHood 
Apple has released security patches to address an iOS zero-day vulnerability which is being actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
“Apple is aware of reports that an exploit for this issue exists in the wild,” the company said in a security advisory published today.
CVE-2021-1879 was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group.
The zero-day was discovered in the Webkit browser engine and allows attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices.
The list of affected devices includes:
- iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
- iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- Apple Watch Series 3 and later
The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.
