Apple yet to fix security bug found in iOS and macOS despite releasing a fix just weeks ago

According to a report by a security firm, Apple has yet to fix a security bug present in iPhones and Macs despite releasing the fix at the end of April. The issue resides in WebKit, the browser engine that powers Safari and other browsers on iOS.

More specifically, the issue concerns AudioWorklet, which manages audio output on web pages; the bug causes Safari to crash repeatedly. With the right set of commands, potential attackers can use it to execute malicious code on iOS, macOS, and even iPadOS.

Security firm points out the vulnerability in iOS and macOS, despite Apple releasing an update just weeks ago

The security research firm Theori, via Ars Technica, said that the flaw is exploitable and that, even though a fix is available, the bug still resides in iOS and macOS. “Patch-gapping” is the term used to describe the exploitation of a vulnerability during the usually brief window between the time it is fixed and when it becomes available to end-users.

This bug yet again demonstrates that patch-gapping is a significant danger with open source development. Ideally, the window of time between a public patch and stable release is as small as possible. In this case, a newly released version of iOS remains vulnerable weeks after the patch was public.

The fix for this vulnerability was discovered three weeks ago by various developers outside of Apple, but the Cupertino tech giant has not yet included it in the latest versions of its operating systems. The window between a public patch and its inclusion in official releases should be as small as possible. However, for various unknown reasons, the Cupertino tech giant has not acknowledged this issue.

Writing an exploit is often like programming a very strange machine. We begin with limited capabilities, upon which we build stronger and stronger abstractions, until we have achieved arbitrary code execution. The first step is determining what primitives we have to build our abstractions on.

The tech giant is working on iOS 14.7 among other software updates, which are currently available as beta releases for developers. Maybe the company will provide a fix for the WebKit exploit in one of these updates.

Have you experienced Safari crashing? What are your thoughts about this? Let us know in the comments below.

About the Author

Usman has been playing games for as long as he can remember. He is an editor at iThinkDifferent and writes about games, Apple news, hardware, productivity guides, and more. When not writing for iTD, Usman loves to play competitive Team Fortress 2, spends time honing his football skills, and watches superhero movies.
