No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

by Dan Goodin, from Ars Technica

Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said.

The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that run on iOS. When the vulnerability was fixed almost three weeks ago by open source developers outside of Apple, the fix's release notes said that the bug caused Safari to crash. A researcher from security firm Theori said the flaw is exploitable, and despite the availability of a fix, the bug is still present in iOS and macOS.

Mind the gap

"This bug yet again demonstrates that patch-gapping is a significant danger with open source development," Theori researcher Tim Becker wrote in a post published Tuesday. "Ideally, the window of time between a public patch and a stable release is as small as possible. In this case, a newly released version of iOS remains vulnerable weeks after the patch was public."
