WebKit rendering engine vulnerability

September 15, 2018

by Catalin Cimpanu

 

A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.

The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn’t very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).

Backdrop-filter is a relative new CSS property and works by blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS’ graphics processing library, eventually leading to a crash of the mobile OS altogether.

Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.

Click here to read the full article on ZDNet

More Posts

April 20 through 23, 2026

This week I will be adding pages and content to the bbn-net.com website. These additions will have no impact on site functions but will simply

April 16, 2026

I will be making a few polishes to things this morning and then testing this afternoon. I will hopefully me sending out e-mails tomorrow morning

April 15, 2026

Well today did not go as planned. I have to modify the remote listings pages to work with the minor adjustments I had made to