CSS code crashes iPhones and iPads

Opening a page with just a few lines of CSS code can crash iOS devices like the iPhone or iPad.

In Apple’s Webkit a new vulnerability has been discovered, so attackers can be relatively easily crashed by just a few lines of CSS code, iPhone and iPad.

The CSS snippet only needs to be placed on one page. If the iOS user receives it as a link, for example, and opens it using the Safari browser, the device crashes. The cause of the problem probably lies in a quite new feature of the style sheet language CSS. This allows, for example, to blur the background of an object and to change its color. So elements that are placed over an image can be made more recognizable.

The vulnerability itself lies in Apple’s webkit rendering engine, which is responsible for displaying web pages. And since Apple forces all browser manufacturers to use the in-house Webkit, all browsers are affected under iOS. And not only browsers, other apps rely on the Webkitinhalte for presentation, so some apps can be vulnerable.

The security vulnerability has been disclosed by security researcher Sabri Haddouche about Github. According to Haddouche Apple is currently examining the information provided. The attack works from iOS 9, which appeared in 2015.

There is currently no patch or workaround for the vulnerability. Haddouche also advises not to arbitrarily click on the link. Now Apple and other browser manufacturers are asked to fix the gap quickly.

Always trouble with Webkit

Apple has been struggling with a number of bugs in Webkit, and it was not until February 2018 that the notorious Telugu bug caused problems in rendering the complex Unicode and crashed iOS and macOS devices. Again and again, on social media platforms, links make the round that brought Safari to crash or even blocked, so most recently the ChaiOS called crash link was spread via Twitter.

Recent Articles

Most in-demand IT jobs from last decade

Uber for travel, Netflix for leisure and Google for everything is the ideal routine that we all wish to follow, of course with Instagram...

The finest text editor for professional bloggers

It is a fact that blogs have replaced books and magazines due to increasing popularity of the online world. Serious readers subscribe to blogs...

Angular 9 final release released

Angular 9 final is here! The new version was released a little late. Ivy is of course one of the new features, but that's...

VS Code update: New preview features, movable panel and Docker tutorials

The first VS Code update in 2020 was released. In addition to new preview features, parts of the workbench have been revised and the...

Purify: Library for functional programming in TypeScript

The Purify library was developed for functional programming in TypeScript. It should make it possible to use frequently used patterns from functional programming languages...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here