At one time in the not-too-distant past Apple had a rep among tech types for being notably secure. Over time, hackers and creators of malicious software took that reputation as a challenge, sometimes with success, like when researchers recently discovered a real danger to iOS that demands the iPhone and iPad both be updated immediately to iOS and iPadOS 14.4.2.
Here's how Apple describes the security issue:
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
The simple explanation is a trip to the wrong website could end up putting your phone at the mercy of a site that's already been hacked itself. That's what cross-site script (XSS) issues do: They open an entry way for hackers to drop in their own malicious code. Using that, they could take over your browser and from there dig into personal info, bank account data, you name it.
So make this update a priority. The good news? In an upcoming update, Apple will be dropping new abilities for various devices, including a way to unlock phones with the Watch whenever a sanitary mask makes it impossible to open with your face.
Grabbing the update is simple. On your device, go to Settings —> General —> Software Update. Should that get confusing somehow, go here for help.