Failure to check the object type provides an opportunity for an attacker to create a type confusion error capable of crashing Safari.
Developing a more serious exploit that enables arbitrary code execution would require additional work to create exploit primitives that bypass WebKit defenses like Pointer Authentication Codes (cryptographic signatures for pointers on Arm-compatible devices). Becker nonetheless suggests this malware defense can be overcome by attackers, pointing to recent Project Zero research.
"This exploit is only the first stage in compromising a user's device," said Becker in an email to
The Register. "Attackers would still need to bypass PAC (an exploit mitigation present in newer iPhones and M1 Macs) in order to execute arbitrary code. Also, most user data is not accessible until an attacker escapes the Safari sandbox, which likely involves exploiting additional vulnerabilities."