Skip to main content

Another exploit found in WebKit hasn’t yet been fixed in the latest iOS and macOS versions

Apple released iOS 14.5.1 and other software updates in late April that brought important security fixes to WebKit, which is the engine behind Safari and other web browsers on iOS. However, security researchers point out that there is still an exploit in WebKit that is active even in the latest versions of iOS and macOS.

As pointed out by security firm Theori (via ArsTechnica), the vulnerability is related to AudioWorklet, which manages audio output on web pages, and causes Safari to crash. With the right commands, attackers can use this exploit to execute malicious code on the iPhone, iPad, and Mac.

However, what really intrigues researchers is that a fix for this vulnerability was revealed almost three weeks ago by developers outside of Apple, as seen on the WebKit repository on GitHub. Even so, Apple hasn’t yet included the fix in the latest versions of its operating systems. “We didn’t expect Safari to still be vulnerable weeks after the patch was public,” said one of the researchers.

As Theori pointed out, the window between a public patch and its inclusion in official releases should be “as small as possible,” but for some unknown reason Apple has yet to acknowledge the problem.

Apple is currently working on iOS 14.7 and other software updates, which are currently available as beta releases for developers — so perhaps the company will finally include the fix to the WebKit exploit with these updates.

More details about the vulnerability can be found on Theori’s website.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications