WebKit rendering engine vulnerability

September 15, 2018

by Catalin Cimpanu

 

A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.

The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn’t very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).

Backdrop-filter is a relative new CSS property and works by blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS’ graphics processing library, eventually leading to a crash of the mobile OS altogether.

Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.

Click here to read the full article on ZDNet

More Posts

March 3 through 6, 2025

This week I will be compiling the end of month numbers and sending out the report on Monday afternoon. I will also be working on

February 24 through 27, 2025

I will be working on multiple websites making SEO adjustments. I will also be away from my desk on appointments at various times throughout the

February 17 through 20, 2025

This week I will be working on updates to content and plugins to help boost SEO. I will also be reviewing the Google updates for