Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild (Security News, June 2022)
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero.
In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it "May have been actively exploited."
"In this case, the variant was completely patched when the vulnerability was initially reported in 2013," Maddie Stone of Google Project Zero said.
"However, the variant was reintroduced three years later during large refactoring efforts. The vulnerability then continued to exist for 5 years until it was fixed as an in-the-wild zero-day in January 2022."
In other words, code changes made years after the original fix brought the zero-day flaw back from the dead, which is why Project Zero describes it as a "Zombie."
"Both the October 2016 and the December 2016 commits were very large. The commit in October changed 40 files with 900 additions and 1225 deletions. The commit in December changed 95 files with 1336 additions and 1325 deletions," Stone noted.
News URL
https://thehackernews.com/2022/06/google-researchers-detail-5-year-old.html