Apple Patches Bug in Swift Programming Language
Apple’s Swift programming language is a useful tool for developers on Mac and iOS platforms due to its versatility and wide-reaching application. Occasionally, though, Apple uncovers issues within Swift that could unintentionally allow bad actors to make inroads towards attack execution. A new Swift module released only a few months ago recently received an update to correct such an issue.
In March, Apple introduced a new open source framework for developers to use, called SwiftNIO, or “Non-Blocking IO.” What it does is complex, but it centers around providing a secure network link between a developer’s applications and the web server that it interacts with during operation. SwiftNIO allows developers to skip some communications steps on the back end of things which can help to reduce the number of ways an attacker can try to penetrate the framework.
Apple has released an update for SwiftNIO, version 1.8.0, which not only includes all the previous incremental security fixes but also fixes a new vulnerability. Though details of the exploit have not been publicly disclosed, Apple’s release notes indicate that an attacker could have exploited a weakness in the code to trigger an overflow. If exploited, the attacker would then gain the ability to take control of SwiftNIO and execute arbitrary code.
With this update, Apple has corrected the bug and closed this particular attack vector. Average users do not need to take any action regarding this update. For developers, the latest version of SwiftNIO is available through Apple’s Git page.