WebKit rendering engine vulnerability

September 15, 2018

by Catalin Cimpanu

 

A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.

The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn’t very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).

Backdrop-filter is a relative new CSS property and works by blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS’ graphics processing library, eventually leading to a crash of the mobile OS altogether.

Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.

Click here to read the full article on ZDNet

More Posts

June 4 6pm

It appears that Hostgator has finally resolved the DNS and SSL Certificate issues with all of the domains. While this did not impact the ability

June 1 through 4, 2026

Monday, I had contacted Hostgator about the “Error. Page cannot be displayed. Please contact your service provider for more details.” message that is appearing on

May 26 through 28, 2026

This week I will be preparing for the end of month. I will continue to be working on my online courses. The information from these