Safari 14.1 for Mac and Safari in iOS 14.5.1, released in late April, added support for the new AudioWorklets technology. This is a web standard that optimises audio processing in the browser and makes it possible to do more with audio on the web with less resources.
Shortly afterwards, however, security researchers discovered a bug in Apple’s implementation that made it possible to use technology to get Safari or other WebKit-based browsers to run arbitrary code. The developers at WebKit fixed the bug, but for some reason Apple’s Safari developers did not bake the fix into Safari on iOS or macOS,
This means that even the latest versions of Safari on Mac, iPhone and iPad remain unpatched and vulnerable.
“Ideally, the window of time between a public patch and a stable release is as small as possible,” Theori comments. “In this case, a newly released version of iOS remains vulnerable weeks after the patch was public.”
Read our guide to the
best Mac antivirus for security-related buying advice.
This article originally appeared on
Macworld Sweden. Translation by David Price.