WebKit rendering engine vulnerability
September 15, 2018
by Catalin Cimpanu
A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.
The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn’t very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).
Backdrop-filter is a relative new CSS property and works by blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS’ graphics processing library, eventually leading to a crash of the mobile OS altogether.
Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.