NiNi's Den

2025::How to Find the Latest WebKit (Safari) Patches

WebKit
Word count: 324Reading time: 2 min
2025/06/04

To track the latest WebKit CVEs, we rely on Apple’s security advisories. Apple publishes a document listing security updates and Rapid Security Responses for its software: Apple security releases – Apple Support. As of this writing, the most recent security content is iOS 18.5 and iPadOS 18.5, where you can clearly see each CVE number alongside its corresponding WebKit Bugzilla ID.

However, most people do not have the privilege to view the Bugzilla entries for these security issues.

We can still locate the specific Git commit on GitHub by the Bugzilla ID:

But If you search for the Bugzilla ID in GitHub’s search bar, you will probably find unrelated commits:

This happens because GitHub’s search functionality only indexes the main branch, whereas most security patches are committed to branches like safari-7621-branch. Therefore, the best way to find the patches you care about is to clone the entire WebKit repository and search by Git command. For example:

git clone https://github.com/WebKit/WebKit.git
cd WebKit
git log --all --grep='id=289653'
commit 656bcbf0bc42e3c84175614f27effc58825c69ed
Author: Nikolaos Mouchtaris <nmouchtaris@apple.com>
Date:   Mon Mar 24 11:56:44 2025 -0700

    Apple Safari Scrollbar Animation Use-After-Free Remote Code Execution Vulnerability
    https://bugs.webkit.org/show_bug.cgi?id=289653
    rdar://146505163
    
    Reviewed by Simon Fraser and Chris Dumez.
    
    Animations started by a WebScrollerImpDelegateMac have a chance of using a stale ScrollerMac
    value if that delegate is replaced without invalidating the delegate's animations. Fix this by
    calling invalidate on the WebScrollerImpDelegateMac before replacing it. Ensure this type of issue
    doesn't occur by refactoring WebScrollerImpDelegateMac and WebScrollbarPartAnimationMac to use
    smart pointers.
    
    * Source/WebCore/page/scrolling/mac/ScrollerMac.h:
    * Source/WebCore/page/scrolling/mac/ScrollerMac.mm:
    (-[WebScrollerImpDelegateMac setUpAlphaAnimation:featureToAnimate:animateAlphaTo:duration:]):
    (-[WebScrollerImpDelegateMac scrollerImp:animateUIStateTransitionWithDuration:]):
    (-[WebScrollerImpDelegateMac scrollerImp:animateExpansionTransitionWithDuration:]):
    (WebCore::ScrollerMac::ref):
    (WebCore::ScrollerMac::deref):
    (WebCore::ScrollerMac::attach):
    
    Canonical link: https://commits.webkit.org/289651.311@safari-7621-branch

Author:NiNi

Link:http://blog.terrynini.tw/en/2025-How-to-Find-the-Latest-WebKit-Safari-Patches/

Publish date:June 4th 2025, 4:16:52 pm

Update date:June 4th 2025, 4:20:27 pm

License:This article is licensed under CC BY-NC 4.0

avatar
Terrynini
逆逆逆逆
CATALOG
Total : 45
2025
2024
2023
2022
2021
2020
2019
2018
2017
CTF Reverse HITCON SECCON 0CTF ASIS RealWorldCTF Web CONFidence Flare-On Plaid Pragyan AFL++ QEMU Balsn Algorithm AIS3 Reversing-kr Cryptography Pwn Misc OSCP Travel CSS Dev OS Base64 AVX FaceBook GIF Windows browser Chakra JIT Reversing GameHacking OSEE WebKit
WriteUp Record Reminder Note TodayILearn