Slashdot Mirror
Vulnerability in WebKit Crashes and Restarts iPhones and iPads (zdnet.com)
Catalin Cimpanu, writing for ZDNet: A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS devices -- iPhones and iPads. The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn't very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs). Backdrop-filter is a relative new CSS property and works by blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS' graphics processing library, eventually leading to a crash of the mobile OS altogether.
apply a CSS effect known as backdrop-filter
Just display the text. DISPLAY. THE. TEXT. That's all I want in a browser (well, accepting forms too I suppose, that is fairly handy.)
Movement and special effects and such are for movies. If I wanted blurry text I'd take off my glasses.
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
All you need is the proper APK that will turn your iPad into a washing machine and your iPhone into a cabbage
Could this be the cause of frequent crashes on my ios9 Dolphin browser? ad-blocker blockers fighting back?
It's NOT ME doing it, it's c6gunner (his name's on posts impersonating me doing it e.g. https://linux.slashdot.org/com... ) so don't try put this on me - I only posts where hosts are effective vs. threats/trackers etc. e.g. https://it.slashdot.org/commen... & https://it.slashdot.org/commen... & https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... where hosts did indeed nullify the threats involved.
* I don't like that bs csgunner is doing anymore than you do (especially saying I have a MacOS X version ready, I don't (yet) & that it works vs. spectre/meltdown etc. lies).
APK
P.S.=> Still, don't make that kind of threat - not w/ me (friendly warning that because where I am from I really HAVE done what you're talking about & am not afraid to do so IF needed to DEFEND myself) - especially WHEN I DO NOT MERIT IT!... apk
k but... how to install on iphone?
I am aware some people need someone who can help them dig out secrets as well figure out the truth,this can only be done by a professional hack investigator who is fast and reliable. i heard a lot about this man Proffrankhack @ gmail.com which called my attention to give him a try despite not knowing him,i was shocked at the result i got because his ability to crack any database as well spy any mobile phone without physical access is amazing do yourself a favour by calling him to your rescue
To quote a film hero of mine? "I'm not leavin': This is ground zero. This is MY site! I'm not gonna let this happen. I can still fix this..." Dr. Robert Neville I am LEGEND
* Get it? Good...
APK
P.S.=> Another quote from that excellent inspirational film that applies to "YOUR KIND" (filthy vampires): "Typical human behavior is now ENTIRELY ABSENT..." apk
Doesn't actually crash or reboot iOS. It just looks like it while it reloads the graphic system. Comes back way too fast to be a restart, all apps still running, all Safari tabs saved except the offending tab, phone doesn't say it was restarted on the lock screen like it does after a restart.
Tested on iPhone 5c, iOS 10.3.3.
c6gunner your FAKEname's on a post impersonating me & worse is you altering /. user's words https://linux.slashdot.org/com... as I challenged you to show you do better work and you can't after you tried to mock me you hypocrite LYING loser https://linux.slashdot.org/com... .
* You're online FAKENAME trash c6gunner & a childish dishonest punk.
(PUTTING WORDS IN MY MOUTH TOO saying what I don't (on spectre/meltdown) https://tech.slashdot.org/comm... )
APK
P.S.=> Impossible to deny FACT of your FAKEname (for your FAKE wasted lie of a so-called life) on that 1st post link above you unbelievable pussy loser... apk
That shit *originated* there! Ever since HTML 3.0.
The W3C reigned them in with HTML 4.0 and XHTML.
But they rebelled, and created the infamous What(TheFuck)WG, which went into full code schizophrenia. Because instead of basing their code on standards, they just dumped their entire spaghetti code mess into a huge "standard". And because the whole point of standards apparently now isn't reliable stability anymore, it is a "living" one. Meaning it mutates whenever you blink, piling up the next implementation of the inner-platform effect anti-pattern of bored iDiots using iDevices in vegan SJW coffe shops that cannot tell the WWW from the Internet from programs anymore.
Will it fixed in tomorrow's iOS 12 release?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Doesn't actually crash or reboot iOS
Gave me a nice clean reboot (iPhone 6s+, iOS 11.4.1). Worked on both Safari and Firefox Focus, (much faster on Firefox, than Safari). Great on-line utility, someone needs to put this up on http://reboot_iOS.com.
Their OS is broken by design or implementation, if a web browser can crash it.
like that time Apple made sure you could tell Safari to snap pictures with the camera without turning on the camera LED.
and now they forgot to patch things up properly, and someone stumbled over an accidental bug as a consequence of this...
Apple always leaves a way into the system via Safari.
A lot of browsers have a reader mode which just displays text and inline images - no adverts, no flash....
It's a real pleasure to see some pages 'old school' without all the rubbish.
It's not *that bad* really. The crash occurs in the gfx library / rendering engine, on a lower level. It's just given a single absolutely massive rendering task it's unable to complete within the watchdog duty cycle. Someone didn't foresee this - normally the library should be done with its job within microseconds, but this specific job was engineered to take a "macroscopic" time slice, and so, the watchdog bites.
There are solutions - but not easy. It would be fairly difficult to design a subsystem that estimates time required to render a specific effect, before deciding "just don't do it", An easier approach would be to abort the rendering job after a preset time, and restore the subsystem to a stable state. This would require a separate dedicated watchdog, and a special subsystem that is capable to abort and unroll an arbitrary job mid-way through. Or they could slice the rendering engine vertically, and make it perform only a specific amount of work per time slice. And this gets quite convoluted because you're replacing simple loops with a finite state machine.
All doable, all difficult and costly... and not contributing to normal web experience, just protecting against malicious attacks. Yeah, they fucked up, but it's a 'the fucking incompetent idiots' fuckup type, it's just 'for fuck's sake, do we really have to protect against THIS too?' one.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
So the "I hack people with HTML" memes are true at last. Thank you Apple.
sudo rm -r -f --no-preserve-root /
Back when MySpace was around, end-users were throwing in SOOOOO much aweful stuff that it made a great test environment for the browser developers: All they had to do was browse a few of the truly hideous MySpace pages and if the thing didn't crash in a horrible, nasty way, then it could handle ANYTHING else on the Web! :P
I would rather have the user determine the look of a webpage. We want text, images, videos, and audio, and menu, and a search box that we don't need to use a find function to find.
https://www.youtube.com/c/BrendaEM
Arstechnica = losers who stalked me (as you do now anonymously unidentifiably) to NTCompatible.com & Windows IT Pro magazine forums to their public dismay in Jeremy Reimer & Jay Little + Jarrett DeAngelis (who posts here on /. until I drove his ass off too) when their websites were REMOVED by their hosting providers in Shaw Canada & CrystalTech (for both email harassing me caught on a tracking ticket + stalking me & posting lies about me on them AFTER I destroyed them both PUBLICLY @ Windows IT Pro on Exchange Servers memory being freed UNHALTING them (which tells you Exchange is HEAVILY POINTER ORIENTED linked list driven, which leads to memory fragmentation that CAN halt a serverware)).
Jay Little the "self-proclaimed 'EXCHANGE EXPERT'" HAD TO CONCEDE IT from MICROSOFT'S OWN DOCUMENTATION proving it FOR me there (where they as usual stalked me AS YOU ARE NOW)
Peter Bright/Dr. Pizza (alias GOITERMAN, lol) can tell you what happened to his IRC server after that (lol).
"The great arseHOLEtechnica" (not) RUN OUT of their own server chatrooms hahaha (by "yours truly").
APK
P.S.=> In effete retaliation they edited my posts & impersonated me on their little playpen of UNDERACHIEVER losers... apk
It's not *that bad* really. The crash occurs in the gfx library / rendering engine, on a lower level. It's just given a single absolutely massive rendering task it's unable to complete within the watchdog duty cycle. Someone didn't foresee this - normally the library should be done with its job within microseconds, but this specific job was engineered to take a "macroscopic" time slice, and so, the watchdog bites.
There are solutions - but not easy. It would be fairly difficult to design a subsystem that estimates time required to render a specific effect, before deciding "just don't do it", An easier approach would be to abort the rendering job after a preset time, and restore the subsystem to a stable state. This would require a separate dedicated watchdog, and a special subsystem that is capable to abort and unroll an arbitrary job mid-way through. Or they could slice the rendering engine vertically, and make it perform only a specific amount of work per time slice. And this gets quite convoluted because you're replacing simple loops with a finite state machine.
All doable, all difficult and costly... and not contributing to normal web experience, just protecting against malicious attacks. Yeah, they fucked up, but it's a 'the fucking incompetent idiots' fuckup type, it's just 'for fuck's sake, do we really have to protect against THIS too?' one.
Yup. Didn't crash my little Mini (Late 2012 model, 16GB RAM, 2.5GHz Ivy Bridge Core i5), but it did max out the CPU and bring it to a crawl until I closed the window. Didn't test it on my iPhone 6s, but I presume it'd fair even worse.
You don't practice what you preach in using your registered 'luser' account as you STALK me by UNIDENTIFIABLE anonymous, lol - hypocrite...
* IF some guy named "Andrew K" didn't take APK years before I got here, I'd do "APK" but since I can't have what I want (just being ME, unlike the FAKE NAME for FAKE LIVES sockpuppeteering type most of "your kind" are that is)? I don't bother... I've got 100's up UPMODS anyway (despite ac's like me being harder to see for many users since /.'s 'downmoderation system' hides our posts by default) + DOZENS here liking & USING my work praising it - do you?
HELL NO!
APK
P.S.=> Do you get your degree (though I doubt "your kind" has the work-ethic OR intelligence to get one @ all, lol) @ "the UNIVERSITY of DUMB" or what? LMAO... apk
I was going to offer a new software-as-a-service: reboot.me. It's web native, written in just html and css!
????? I just tested it and my whole phone crashed. I had to hold the button to turn it back on. So it is 100% crashing the iOS on some devices.
-iPhone 7 11.4.1