Apple leaves a fix to 'WebKit', the rendering engine used in Safari, unreleased for 3 weeks

by JeanbaptisteM
It turns out that Apple has ignored a fix to WebKit, the open source rendering engine used in Safari, for three weeks, leaving a known vulnerability untouched.
Patch Gapping a Safari Type Confusion | Theori
No, it doesn't just crash Safari. Apple has yet to fix exploitable flaw | Ars Technica
What happens when a security hole is fixed in WebKit's source but not released as a patch by Apple? Let's find out • The Register
The vulnerability in question is in Safari's rendering engine, 'WebKit'. Safari 14.1, released on April 26, 2021, includes a new modular system, 'AudioWorklet', that directly accesses sound data and performs acoustic calculations, but a bug in this AudioWorklet caused WebKit to crash. The WebKit development team addressed this issue and released a fix on May 8th.
AudioWorkletProcessor which does not extend base class crashes Safari · WebKit / WebKit @ d56afe6 · GitHub

However, Apple has been ignoring this fix for three weeks. According to a report by Korean security company Theori, the vulnerability in question does nothing more than crash Safari by itself, but in combination with other vulnerabilities it can be turned into a 'confusion bug' that allows arbitrary code execution and the like. However, Theori states that this is unlikely to be feasible, because the pointer authentication code must be bypassed in order to actually execute arbitrary code.
Theori pointed out that the 'patch gap', the blank period until a vulnerability fix distributed upstream reaches the end user, poses a serious danger to open source development. 'The gap between a fix patch being published and being released should be made as small as possible,' Theori said, asking Apple to fix the vulnerability in question.
In addition, Apple fixed a vulnerability in WebKit on May 4, 2021, but that fix is said not to cover this vulnerability.
About Safari 14.1 Security Content-Apple Support

in Security, Posted by darkhorse_log