Apple has released iOS 14.5.1, which provides a memory corruption bug fix and patches an arbitrary code execution (ACE) vulnerability in WebKit — a web browser engine. Arbitrary code execution refers to an attacker executing code that they should not be able to execute.
A malicious website could theoretically execute harmful code on your iPhone, or iPad if they exploited that vulnerability. Browsers are designed to limit the ability of websites to execute code that could be harmful to your device. However, hackers do sometimes find a way around that — and this is one such case.
Apple says that the vulnerability (CVE-2021-30663) may have been actively exploited and classifies it as important (which it is). The update (iOS 14.5.1) is now available, and you can look for it by going to Settings > General > Software Update.
The vulnerability also affects Macs, Apple Watches, and Apple TVs. There are updates for those as well.