Exploitable Safari WebKit Vulnerability Not Patched by Apple Despite Available Fix

BY Sanuj Bhatia

Published 27 May 2021

safari on iphone

According to Theori, an exploitable WebKit vulnerability is still present on the latest version of iOS and macOS even though a fix has been available for ‘weeks.’ WebKit is the engine used by Safari and other web browsers on iOS.

The vulnerability was first reported by security firm Theori. The vulnerability is related to the AudioWorklet function in WebKit. AudioWorklet is responsible for managing audio output on web pages. According to Theori, exploiting the vulnerability can give attackers “the basic building blocks to remotely execute malicious code on affected devices.”

The vulnerability was patched in early May, according to the WebKit repository on GitHub. However, the most surprising thing is that even though the fix for the vulnerability has been available for weeks, Apple is yet to patch it in the latest version of iOS and macOS. The reports claim that the vulnerability might have been ‘actively exploited.’

Apple has released several iOS updates in the past few months patching Webkit vulnerabilities. iOS 14.4.2 was released two weeks after iOS 14.4.1 that patched ‘critical’ WebKit fixes. And the more recent iOS 14.5.1 was released only a week after iOS 14.5, fixing critical Webkit vulnerabilities.

The window of fix release between the public patch and stable release should be as small as possible, as Theori reports. However, it is surprising that Apple still has not fixed the bug even when the fix has been available for three weeks. “We didn’t expect Safari to still be vulnerable weeks after the patch was public, but here we are… ” Becker wrote on Twitter.

Last week, Apple released macOS Big Sur 11.4 that patched a bug that allowed hackers to take screenshots of Mac’s screen with the user’s consent. Apple has been active in fixing zero-day vulnerabilities, however, it remains to be seen when the fix for AudioWorklet is released.

[Via ArsTechnica]

Related Articles

Retail Apple Store India First Image

Apple Enforces Exclusivity, Bans 22 Rival Brands Near First Retail Store in India

Sriansh

Don’t Hang Up During Accidental Crash Detection Calls, says Apple

Dave Johnson
Universal Control

Users Reporting Issues With Continuity Features on macOS 13.3 and iPadOS 16.4

Sriansh

Apple Says It’s Closer to a Completely Carbon-Neutral Supply Chain

Dave Johnson
must-have-ipad-pro-pencil-apps-featured

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

Read More

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

Read More
Apple volunteer

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,

Read More

Want to know more about apple Products

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

Cancel