Lots of iPhone users aren’t crazy about the iOS built-in browser, Safari, and prefer to use an alternative — Google Chrome, Mozilla Firefox, or even something more exotic like DuckDuckGo, Brave or Microsoft Edge (yes, there’s Edge for iOS!).
iPhone users who prefer alternative browsers might get lulled into thinking that the vulnerabilities in Safari and the WebKit engine don’t present a direct danger to them. Unfortunately, this isn’t the case. In this post, we give you the lowdown and tell you why you need to make sure that Safari and WebKit on your iPhone are always updated in time.
Every browser in iOS is Safari
Every browser is based on what is called an “engine.” The engine processes the code that is received from the internet and transforms it into the web pages that the browser ultimately shows the user. Of course, the browser has a bunch of other necessary and useful parts that direct the engine and ensure that the additional features work. Think of the browser engine like the engine of a car: it’s the most important part of a browser and without it you won’t get anywhere.
There are three major browser engines in the world. Google uses its own V8 engine in its Chrome and Chromium browsers, while Microsoft Edge and dozens of other browsers are based on Chromium. There is also the Gecko engine — its modern version is called Quantum — which Mozilla developed and supports for the Firefox browser and a few others. Finally, the third giant of the modern web is Apple’s engine — Webkit, which is used in the Safari browser.
But here’s the thing. The Chrome and Firefox versions for desktop computers and Android are built on Google’s V8 engine and Mozilla’s Gecko/Quantum engine, respectively. However, it’s a different story for iPhones. In keeping with Apple’s policies, there is only one engine permitted in iOS — you guessed it: WebKit. This means that all browsers for iOS are essentially Safari with different user interfaces.
This means that all vulnerabilities found in WebKit present a danger for users of any browsers for iOS. Since iPhones are a very tempting target for hackers, security specialists study the WebKit engine all the more closely, and as a result, they find vulnerabilities in it rather often. This includes vulnerabilities that attackers are already using in the wild.
One of the most dangerous types of vulnerabilities in a browser engine is a so-called zero-click vulnerability, which allows bad actors to infect an iPhone without any action by the user. When this kind of vulnerability is exploited, the user doesn’t need to be convinced to download or install anything. All the attacker needs do is draw the victim to a specially built website with malicious code or hack a popular site and implant the malicious code in it. After the user visits such a site through a vulnerable browser, the attackers can take control of the iPhone.
How to update Safari and WebKit
It’s important to remember that the update of the WebKit engine and Safari browser isn’t related to the update of the browser apps you’re using. Google Chrome automatically updates from the App Store — that is, if you haven’t disabled this option, and we don’t recommend that you do — but in essence this is an update of the shell program, not the engine. So this won’t solve the problem of vulnerabilities in WebKit.
To avoid vulnerabilities in both the WebKit engine and Safari browser, you need to install the appropriate iOS updates. The best thing to do is to make sure to install all the latest operating system updates — after all, the vulnerabilities aren’t just in the browser engine but also in other important components of iOS.
To update your iPhone, go to Settings → General → Software Update. If you see a button on the screen that says Download and Install, tap it and follow the instructions.
Don’t be afraid of iOS updates
A lot of users are lukewarm about updating the operating system: some people don’t like having to get used to new features in the interface, some worry about having less storage, while others fear that after an update the iPhone may start to slow down or some old apps that are no longer supported in the new version will stop working.
These fears aren’t totally unfounded. It’s true that Apple does sometimes make the interface less user-friendly. It’s also true that each new version of the system takes up a bit more storage than the previous one and leaves less space for your files. And it’s no myth that iPhones have slowed down after an update — this has been documented.
But we still recommend that you always keep your iPhone updated: doing so is crucial for keeping your data safe and ensuring that it doesn’t fall into the wrong hands. Unfortunately, there is no full-fledged antivirus for iOS. That means that the iPhone’s security is contained only in Apple’s protection mechanisms, so any hole in them without a system update remains an open door for hackers.