Bugs in software are not right from ordinary bugs, can even harm the security of a system. Of course, they are still repaired but some time-sensitive bugs and their patches need to be launched as soon as possible. Unfortunately, a security researcher shows that Apple may not see one vulnerability as it is urgent because it has not launched improvements to iOS and MacOS which will plug in webkit bugs that not only cause safari crashes but also leave a door open for attackers to exploit.
WebKit is a machine used by Apple not only for Safari web browsers but also to display web pages or HTML content in the application. Thus, he is present in almost all platforms, both cellphones and desktops, which means that any security defects in it can affect all these platforms. That was what happened with a bug in the webkit audioworklet reported and repaired by the open source developer last week.
As suggested by Mane, Audoworklet is responsible for playing audio content but the vulnerability will allow hackers to eventually execute malicious code on open devices. But in reality, the hackers still have to go through a circle to really make unauthorized code. More specifically, hackers must bypass the exploitation mitigation system first, and it is more difficult to do than to take advantage of this webkit defect.
However, what security company wants to emphasize theori, is the danger of patch-gapping that Apple is at stake. Patch-gapping refers to the brief window opportunity between having improvements available in the source and has repairs it is finally available for users. In this case, the webkit audioworklet bug is patched by developers outside Apple but the company has not really rolled it up.
As ARS Technica shows, this is not an isolated case. Apple has a calculation of zero vulnerabilities that still have to be repaired, with six of the eight of them found in the webkit. Because it affects almost all Apple devices, people will hope it also moves faster in connecting the holes.