Lots of iPhone users arenāt crazy about the iOS built-in browser, Safari, and prefer to use an alternative ā Google Chrome, Mozilla Firefox, or even something more exotic like DuckDuckGo, Brave or Microsoft Edge (yes, thereās Edge for iOS!).
iPhone users who prefer alternative browsers might get lulled into thinking that the vulnerabilities in Safari and the WebKit engine donāt present a direct danger to them. Unfortunately, this isnāt the case. In this post, we give you the lowdown and tell you why you need to make sure that Safari and WebKit on your iPhone are always updated in time.
Every browser in iOS is Safari
Every browser is based on what is called an āengine.ā The engine processes the code that is received from the internet and transforms it into the web pages that the browser ultimately shows the user. Of course, the browser has a bunch of other necessary and useful parts that direct the engine and ensure that the additional features work. Think of the browser engine like the engine of a car: itās the most important part of a browser and without it you wonāt get anywhere.
There are three major browser engines in the world. Google uses its own V8 engine in its Chrome and Chromium browsers, while Microsoft Edge and dozens of other browsers are based on Chromium. There is also the Gecko engine ā its modern version is called Quantum ā which Mozilla developed and supports for the Firefox browser and a few others. Finally, the third giant of the modern web is Appleās engine ā Webkit, which is used in the Safari browser.
But hereās the thing. The Chrome and Firefox versions for desktop computers and Android are built on Googleās V8 engine and Mozillaās Gecko/Quantum engine, respectively. However, itās a different story for iPhones. In keeping with Appleās policies, there is only one engine permitted in iOS ā you guessed it: WebKit. This means that all browsers for iOS are essentially Safari with different user interfaces.
This means that all vulnerabilities found in WebKit present a danger for users of any browsers for iOS. Since iPhones are a very tempting target for hackers, security specialists study the WebKit engine all the more closely, and as a result, they find vulnerabilities in it rather often. This includes vulnerabilities that attackers are already using in the wild.
One of the most dangerous types of vulnerabilities in a browser engine is a so-called zero-click vulnerability, which allows bad actors to infect an iPhone without any action by the user. When this kind of vulnerability is exploited, the user doesnāt need to be convinced to download or install anything. All the attacker needs do is draw the victim to a specially built website with malicious code or hack a popular site and implant the malicious code in it. After the user visits such a site through a vulnerable browser, the attackers can take control of the iPhone.
How to update Safari and WebKit
Itās important to remember that the update of the WebKit engine and Safari browser isnāt related to the update of the browser apps youāre using. Google Chrome automatically updates from the App Store ā that is, if you havenāt disabled this option, and we donāt recommend that you do ā but in essence this is an update of the shell program, not the engine. So this wonāt solve the problem of vulnerabilities in WebKit.
To avoid vulnerabilities in both the WebKit engine and Safari browser, you need to install the appropriate iOS updates. The best thing to do is to make sure to install all the latest operating system updates ā after all, the vulnerabilities arenāt just in the browser engine but also in other important components of iOS.
To update your iPhone, go to Settings ā General ā Software Update. If you see a button on the screen that says Download and Install, tap it and follow the instructions.
Donāt be afraid of iOS updates
A lot of users are lukewarm about updating the operating system: some people donāt like having to get used to new features in the interface, some worry about having less storage, while others fear that after an update the iPhone may start to slow down or some old apps that are no longer supported in the new version will stop working.
These fears arenāt totally unfounded. Itās true that Apple does sometimes make the interface less user-friendly. Itās also true that each new version of the system takes up a bit more storage than the previous one and leaves less space for your files. And itās no myth that iPhones have slowed down after an update ā this has been documented.
But we still recommend that you always keep your iPhone updated: doing so is crucial for keeping your data safe and ensuring that it doesnāt fall into the wrong hands. Unfortunately, there is no full-fledged antivirus for iOS. That means that the iPhoneās security is contained only in Appleās protection mechanisms, so any hole in them without a system update remains an open door for hackers.
Source: kaspersky.com