Apple is yet to patch a WebKit vulnerability present in both iOS and macOS despite a fix for the flaw being available for several weeks now, experts have warned.
The vulnerability was first discovered by researchers at cybersecurity startup Theori, who also have a proof-of-concept exploit that takes advantage of the bug.
According to the Theori team, the issue stems from the AudioWorklet interface of the Web Audio API, which allows developers to control, manipulate, render, and output audio.
A patch for the vulnerability was added to the upstream WebKit code early in May. Strangely, however, Theori notes that Apple continues to ship vulnerable iOS updates almost three weeks after the patch was made public.
Patch gapping
AppleInsider explains that exploiting the flaw could give attackers the building blocks to execute malicious code on devices.
The process isn’t straightforward, though, as any exploitation in the real world would still need a way to bypass Pointer Authentication Codes (PAC), a mitigation system that requires a cryptographic signature before code can be executed in memory.
Irrespective of how complex it is to exploit the bug, the real issue here is Apple’s inaction despite the public availability of a patch.
Ideally, there should be a minimal amount of time between a public patch and a stable release. In this case, though, Apple continues to ship new versions of iOS with the unpatched, vulnerable version of WebKit.
Threat actors are known to take advantage of this patch gapping: the window between fixing a vulnerability and shipping the patch to users.
“This bug yet again demonstrates that patch-gapping is a significant danger with open source development. Ideally, the window of time between a public patch and a stable release is as small as possible. In this case, a newly released version of iOS remains vulnerable weeks after the patch was public,” conclude Theori researchers.
Via AppleInsider