No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

26/05/2021

Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said.

The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that run on iOS. When the vulnerability was fixed almost three weeks ago by open source developers outside of Apple, the fix’s release notes said that the bug caused Safari to crash. A researcher from security firm Theori said the flaw is exploitable, and despite the availability of a fix, the bug is still present in iOS and macOS.

Mind the gap

“This bug yet again demonstrates that patch-gapping is a significant danger with open source development,” Theori researcher Tim Becker wrote in a post published Tuesday. “Ideally, the window of time between a public patch and a stable release is as small as possible. In this case, a newly released version of iOS remains vulnerable weeks after the patch was public.”

“Patch-gapping” is the term used to describe the exploitation of a vulnerability during the usually brief window between the time it’s fixed upstream and when it becomes available to end-users. In an interview, Becker said that the patch has yet to make its way into macOS as well.

The vulnerability stems from what security researchers call a type confusion bug in the WebKit implementation of AudioWorklet, an interface that allows developers to control, manipulate, render, and output audio and decrease latency. Exploiting the vulnerability gives an attacker the basic building blocks to remotely execute malicious code on affected devices.

To make the exploitation work in real-world scenarios, however, an attacker would still need to bypass Pointer Authentication Codes, or PAC, an exploit mitigation system that requires a cryptographic signature before code in memory can be executed. Without the signature or a bypass, it would be impossible for malicious code written by the WebKit exploit to actually run.

“The exploit builds arbitrary read/write primitives which could be used as part of a larger exploit chain,” Becker said, referring to proof-of-concept attack code his company has released. “It does not bypass PAC. We consider PAC bypasses to be separate security issues and thus should be disclosed separately.”

Theori said that company researchers independently discovered the vulnerability but that it had been fixed upstream before they could report it to Apple.

“We didn’t expect Safari to still be vulnerable weeks after the patch was public, but here we are…” Becker wrote on Twitter.

This exploit was a fun challenge. We didn’t expect Safari to still be vulnerable weeks after the patch was public, but here we are… https://t.co/jkEH7w498Q

— Tim Becker (@tjbecker_) May 26, 2021

Eight Apple zero-days and counting

While the threat posed by this vulnerability isn’t immediate, it’s still potentially serious because it clears a significant hurdle required to wage the kinds of in-the-wild exploits that have bedeviled iOS and macOS users in recent months.

According to a spreadsheet maintained by Google’s Project Zero vulnerability research team, seven vulnerabilities have been actively exploited against Apple users since the beginning of the year. The figure rises to eight if you include a macOS zero-day that Apple patched on Monday. Six of the eight vulnerabilities resided in WebKit.

Apple representatives didn’t respond to an email seeking comment for this post.
