Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability
2022-02-11 22:03

Apple on Thursday patched a zero-day security vulnerability in its WebKit browser engine, issuing updates for iOS, iPadOS, and macOS. Its Safari browser, based on WebKit, received the security update separately for instances where it is being used with an older version of macOS, like Big Sur.

The Apple patch is relevant not just to users of Safari, which relies on WebKit, but to users of any iOS browser, because Apple requires that all iOS browsers use WebKit - a situation currently being considered by antitrust regulators in the US and UK. Alex Russell, a program manager for Microsoft's Edge browser who formerly worked at Google and has long evangelized web technology, echoed past frustration with Apple's insistence that only WebKit is fit for iOS. "Imagine, if you can, a world where installing an alternative browser as your default actually had a chance of protecting you from Apple's shocking underinvestment in security," he lamented via Twitter.

In defense of its practices, Apple claims "that as a result of its requirement that all browsers on iOS be based on its own browser engine, WebKit, it is more readily able to fix any privacy and security concerns that arise in a timely manner, and reduce risks for users," as the UK's Competition and Markets Authority recounted in its January 26, 2022 interim report.

The Register understands from speaking to web developers opposed to Apple's WebKit policies that a few months ago Apple started showing signs that it intends to invest in WebKit.

Since September 2021, Apple has posted 35 positions with its WebKit team in the US, and leaders of that group have repeatedly solicited technical talent on Twitter.

Given Apple's less-than-eager response to a recent Dutch ruling requiring the company to permit third-party payment processors in local data apps, it appears unlikely Apple will relax its WebKit requirement in iOS unless regulators force a change.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/11/apple_emergency_webkit/

Related vendor

VENDOR   LAST 12M #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Apple    68                    212   1433     2208   257        4110
Webkit   2                     0     1        6      0          7