week 3

As Apple prepares to release the iPhone 11 on Tuesday, recent failures suggest that the company should now go beyond fixing personal security vulnerabilities that make these attacks possible, and instead examine deeper issues that generate such rich content in iOS. Error. According to iOS’s dedicated security researchers, this means looking closely at two key developments within the iPhone: Safari and iMessage.

According to security researchers, one problem that makes WebKit a mandatory issue is that Apple’s browser engine is in some ways less secure than Chrome’s. Amy Burnett, the founder of security company Ret2, who led training in Chrome and WebKit development, said it was not clear which of the two browsers had the most exploitable vulnerabilities. But she attributes Chrome’s faster bug fixes, in part, to Google’s internal efforts to find and eliminate security vulnerabilities in its code, usually through automated technologies such as fuzzy testing.

Google also provides a bug reward for Chrome vulnerabilities, which motivates hackers to discover and report them, and Apple has not offered such a reward for WebKit other than integrating WebKit vulnerabilities into deep iOS attacks. “You’ll find similar bugs in both browsers,” Bernett said. “The question is whether they can get rid of the low hanging fruit and it looks like Google is doing better there.” Burnett adds that Chrome’s sandbox isolates browsers from other parts of the operating system, which is also “well-known” and difficult to bypass – harder to build than WebKit – making any Chrome vulnerability still less relevant for further access to devices.

https://www.wired.com/story/ios-security-imessage-safari/

Leave a Reply