Apple’s App Store rules mean that all browsers on iPhones and iPads must use WebKit, making this sort of bug a truly cross-browser problem for mobile Apple devices.
Kernel code execution bugs are inevitably much more serious than app-level bugs, because the kernel is responsible for managing the security of the entire system, including what permissions apps can acquire, and how freely apps can share files and data between themselves.
Ironically, kernel-level bugs that rely on a booby-trapped app are often not much use on their own against iPhone or iPad users, because Apple’s strict App Store “Walled garden” rules make it hard for attackers to trick you installing a rogue app in the first place.
You can’t go off market and install apps from a secondary or unofficial source, even if you want to, so crooks would need to sneak their rogue app into the App Store first before they could attempt to talk you into installing it.
The worrying thing about both bugs is not only that they’re zero-day holes, meaning the attackers found them and were already using them before any patches were figured out, but also that they were reported by “Clément Lecigne of Google’s Threat Analysis Group and Donncha Cearbhaill of Amnesty International’s Security Lab”.
Apple isn’t giving any more detail than that, but it’s not a big jump to assume that this bug was spotted by privacy and social justice activists at Amnesty, and investigated by incident response handlers at Google.
