A WebKit exploit still exists weeks after someone told Apple how to fix it
What you need to know
- A WebKit exploit exists that could allow the execution of malicious code on a Mac, iPhone, and iPad.
- Researchers told Apple how to fix the issue three weeks ago, but it still hasn't been done.
We've seen other issues fixed in the interim.
A security exploit that could allow malicious code to be run on Macs, iPhones, and iPads hasn't been fixed despite someone telling Apple how to do so three weeks ago. The flaw relates to WebKit across macOS, iOS, and iPadOS.
Webkit is what powers Safari and a number of similar web browsers and the bug appears to be related to AudioWorklet which manages audio output from web pages. When exploited, the bug could allow malicious code to be run as reported by ArsTechnica.
But most notable is the fact that security researchers have already provided Apple with the tools they need to fix the issue entirely – but three weeks later, that's yet to happen.
This exploit was a fun challenge. We didn't expect Safari to still be vulnerable weeks after the patch was public, but here we are... https://t.co/jkEH7w498Q— Tim Becker (@tjbecker_) May 26, 2021
Apple recently shared a number of updates including some that fixed another WebKit security flaw in iOS 14. It isn't clear why this one didn't make the cut or indeed if it will in a future release.
Despite still being affected by this issue, the recently released iPad Pro is still arguably one of the most secure devices you can buy, thanks in part to the App Store and its app distribution model. Be sure to check out our collection of the best iPad Pro deals before you place your order!