Software bugs are not exactly out of the ordinary, even bugs that can compromise the security of a system. Of course, these are resolved possibly, but some bugs are time sensitive and that their fixes must be deployed as quickly as possible. Unfortunately, a security researcher points out that Apple can not see such a vulnerability as an urgent issue, because it has not deployed a solution to iOS and macos that will connect a webkit bug that not only allows to plant Safari, But also leaves an open door for attackers to exploit.
Webkit is the motor that Apple uses not only for its Safari web browser, but also to display web pages or HTML content in applications. As such, it is present in almost all its platforms, mobile and desktops, which means that any security breach it could also affect all these platforms. This was the case of a bug in webkit audioWorklet that was reported and set by open source developers weeks ago.
As indicated by the mane, AudioWorklet is responsible for reading audio content, but the vulnerability would allow hackers to execute pirates to execute malicious code on exposed devices. In fact, however, these computer hackers will always have to pass through hoops to perform an unauthorized code run. More specifically, the computer hacker should first around the exploitation mitigation systems, and these are more difficult to do than take advantage of this Webkit fault.
What the security company, Theory would like to emphasize, however, is the danger of the patch height that Apple was likely to risk. Patch-Gapping refers to the brief window of opportunity between having a solution available at the source and have this solution finally made available to users. In this case, the webkit audioworker bug has been corrected by developers outside Apple, but the company has not yet been launched.
As Ars Technica also emphasizes, this is not an isolated case. Apple has a zero-day vulnerability outlet that it still has to fix, with six out of eight of them found inside Webkit. As affects almost all Apple devices, it is hoped that it also moves faster in the holes