This 5-year-old flaw allowed hackers to infect your Apple devices

According to Maddie Stone, one of the experts who discovered the flaw, a variant of it reappeared three years after it was fixed in 2016. The attack uses the same bugs as the older version, but it takes different paths to press where it hurts. The code has also been modified to circumvent the protections put in place by Apple.

For more than five years, Safari was therefore sensitive to this second generation security flaw. Apple finally released an update to Safari, iOS, iPadOS and macOS in February 2022 to get rid of it, hopefully this time around.

The author of the article detailing this case clears Apple’s teams of any responsibility, admitting that there is no easy answer to what should have been done differently and that the developers who patched the flaw in 2013 “followed many good practices”

In particular, they had fixed all the ways to trigger the vulnerability, not just the path used for the proof of concept. They had also explained well in the commits the nature of the flaw and how they were going to fix it.

Leave a Comment