Google’s latest security testing tool confirmed that Apple’s Safari browser has dozens of bugs.
Google’s Project Zero recently released a security testing tool. This open-source tool has found 31 security bugs; most of them were in Apple’s Safari browser.
Ivan Fratric of Project Zero used a fuzzer called Domato. The tool exposed 17 bugs in the Safari browser; other bugs were found in Chrome, Edge, and Internet Explorer. All of the bugs have since been fixed.
Domato was created to find bugs in the Document Object Model (DOM) engines of popular browsers such as Safari, Edge, and Chrome. Each browser has a DOM engine embedded in its rendering engine, and these are a frequent target for attackers, as in the Firefox zero-day operation that came to light last November.
According to Fratric, DOM engines have historically been a major source of browser bugs and are attractive targets for malicious attackers.
In the Firefox zero-day case, which was uncovered by Exodus Intel, the bug was used to identify visitors to a child pornography website.
Fratric recently decided to release Domato as an open-source tool, in the hope that it will be useful to others and that they in turn will help improve it.
To look for bugs, Fratric and his team fuzzed each browser. Fuzzing involves feeding randomly generated input into the browser in order to trigger a crash; this was repeated around 100 million times. Since a single machine would have been too slow for this, the browsers were tested on Google’s cloud.
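As an added illustration of how a grammar-based DOM fuzzer produces its input (this is not Domato’s code; the toy grammar, the `{name}` nonterminal syntax and all identifiers are constructed here), the generator below expands a small HTML/JavaScript grammar into deterministic test cases and checks the grammar for references that would break the depth limit:

```python
import random
import re

# Constructed toy grammar in the style of a grammar-based DOM fuzzer: each
# nonterminal maps to a list of alternatives, and "{name}" in an alternative
# refers to another nonterminal. Convention: the first alternative of every
# recursive rule is non-recursive, so the depth limit can fall back to it.
GRAMMAR = {
    "page": ["<!DOCTYPE html><html><body>{elements}<script>{statements}</script></body></html>"],
    "elements": ["{element}", "{element}{elements}"],
    "element": ['<div id="{id}">{text}</div>', '<span id="{id}">{text}</span>',
                '<table id="{id}"><tr><td>{text}</td></tr></table>'],
    "id": ["e0", "e1", "e2", "e3"],
    "text": ["", "x"],
    "statements": ["{stmt}", "{stmt}{statements}"],
    # Braces not of the form "{word}" are emitted literally, so the try/catch
    # keeps one throwing statement from aborting the rest of the test case.
    "stmt": ["try{{statement}}catch(e){}"],
    "statement": [
        "var {var}=document.getElementById('{id}');",
        "{var}.remove();",
        "{var}.appendChild(document.createElement('{tag}'));",
        "{var}.innerHTML='{text}';",
        "{var}.parentNode.insertBefore({var},{var});",
    ],
    "var": ["v0", "v1", "v2"],
    "tag": ["div", "span", "table", "svg"],
}
NONTERMINAL = re.compile(r"\{(\w+)\}")

def check_grammar(grammar):
    """List grammar problems: unknown nonterminals, or rules whose first
    alternative refers back to the rule itself (defeating the depth limit)."""
    problems = []
    for name, alts in grammar.items():
        for ref in (r for alt in alts for r in NONTERMINAL.findall(alt)):
            if ref not in grammar:
                problems.append(f"{name}: unknown nonterminal {ref}")
        if name in NONTERMINAL.findall(alts[0]):
            problems.append(f"{name}: first alternative is recursive")
    return problems

def expand(symbol, rng, depth=0, max_depth=8):
    """Expand `symbol` to a string, choosing alternatives with `rng`; past
    max_depth always take the first (non-recursive) alternative."""
    alts = GRAMMAR[symbol]
    chosen = alts[0] if depth >= max_depth else rng.choice(alts)
    return NONTERMINAL.sub(lambda m: expand(m.group(1), rng, depth + 1, max_depth), chosen)

def generate_testcase(seed, max_depth=8):
    """Return one HTML test case; the same seed always yields the same page."""
    return expand("page", random.Random(seed), max_depth=max_depth)
```

Each generated page is written to a file and loaded in the browser under test; a crash, not a JavaScript error, is what the run is looking for.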
Fratric estimated that a fuzzing run of this size on Google’s Compute Engine would cost $1000; since a determined attacker could easily afford that, the exercise is all the more necessary.
Domato’s results showed that all the browsers held up more or less equally well, except Safari. Overall, Fratric found two bugs in Chrome, four in Firefox, four in Internet Explorer, and six in Edge; the rest were in Safari.
Safari’s shortcomings may soon be rectified: Fratric offered Apple access to Domato, an offer Apple took up after it hired a Project Zero member.
Fratric pointed out that Safari’s results are worrying, especially since iOS is becoming an increasingly attractive target for attackers.
Another notable observation is that the number of Safari bugs has increased, especially compared to Google Chrome. Safari and Chrome used the same DOM engine until a few years ago. Google moved away from that engine (WebKit) some time ago, and since then either the number of bugs in WebKit has increased significantly or the number of bugs in Chrome has decreased significantly.
To help address this, Fratric offered Domato to Apple, proposing that they share tools and methods to improve security. The offer was only accepted recently, when a Project Zero member hired by Apple took Fratric up on it. Fratric is hopeful that the fuzzer will help Apple improve WebKit.
Fratric extended the same offer to Microsoft, which is responsible for Internet Explorer and Edge.