Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IOS Iphone Security

Vulnerability in WebKit Crashes and Restarts iPhones and iPads (zdnet.com) 57

Catalin Cimpanu, writing for ZDNet: A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS devices -- iPhones and iPads. The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn't very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs). Backdrop-filter is a relative new CSS property and works by blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS' graphics processing library, eventually leading to a crash of the mobile OS altogether.
This discussion has been archived. No new comments can be posted.

Vulnerability in WebKit Crashes and Restarts iPhones and iPads

Comments Filter:
  • Really? (Score:2, Insightful)

    apply a CSS effect known as backdrop-filter

    Just display the text. DISPLAY. THE. TEXT. That's all I want in a browser (well, accepting forms too I suppose, that is fairly handy.)

    Movement and special effects and such are for movies. If I wanted blurry text I'd take off my glasses.

    • Re: (Score:3, Insightful)

      by Gr8Apes ( 679165 )
      The entire HTML/CSS rendering concept is flawed from the get-go, with piss poor standardization and failure to maintain boundaries within graphical elements. It's effectively a pinup board with no boundaries and no real rules on rendering. But it's Agile! ;)
      • by Anonymous Coward

        Everything w3c touches is flawed from the get-go

        Let ISO/ANSI/ECMA or even JEDEC handle it and at least they will write down what is implementation defined and what is not in a clear way.
        At least we will be able to tell if it is the page that is broken or the browser that can't handle it.

    • by Anonymous Coward

      We tried leaving this junk out of the spec.

      That got us Flash because web "developers" love the shiny graphical bullshit.

      There's a reason all this shit is getting dumped into browsers now, and it's because if it weren't, web "developers" would find some way to do it anyway.

      Also, if you want to see this bullshit in use, just go to Apple's homepage. They use that crap all the time. (Note: it's most egregious on their "learn more" pages.)

      • Re:Really? (Score:5, Insightful)

        by CanadianMacFan ( 1900244 ) on Sunday September 16, 2018 @07:49PM (#57325224)

        It's not the developers. It's the designers who f*cking think that their site should look the same on every browser and every computer no matter what. They were the idiots that used to think that because your screen had n pixels in width then their website could be n pixels wide too. I mean, everybody has their browser maximized right?!?!? They also think that everyone has a high-speed connection to download unoptimized graphic files.

        It's HTML, it's going to look slightly different on different browsers and different platforms. Live with it. If it really needs to look the same then make a PDF to download.

    • by Anonymous Coward

      Just display the text. DISPLAY. THE. TEXT. That's all I want in a browser (well, accepting forms too I suppose, that is fairly handy.)

      That assertion is bullshit because if that's all you want then you would just use Lynx. Of course if you're using an iDevice then you have obviously chosen the wrong platform but even then there is Text Browser.

    • by gweihir ( 88907 )

      How old-school. Today everything must be blinking and beeping or it is not real, have you not heard?

      In other news, I am waiting for a browser that has a "plain" no-bullshit mode, without quite going back to links or the like.

      • A lot of browsers have a reader mode which just displays text and inline images - no adverts, no flash....

        It's a real pleasure to see some pages 'old school' without all the rubbish.

    • Re:Really? (Score:4, Insightful)

      by thegarbz ( 1787294 ) on Monday September 17, 2018 @03:28AM (#57326600)

      Just display the text.

      1990 called, they want their HTML 1.0 back.

      That's all I want in a browser

      Use Lynx, and leave the rest of us alone.

  • Will it fixed in tomorrow's iOS 12 release?

  • by volodymyrbiryuk ( 4780959 ) on Monday September 17, 2018 @08:02AM (#57327296)
    So the "I hack people with HTML" memes are true at last. Thank you Apple.
  • I would rather have the user determine the look of a webpage. We want text, images, videos, and audio, and menu, and a search box that we don't need to use a find function to find.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...