Vulnerability in WebKit Crashes and Restarts iPhones and iPads (zdnet.com)
Catalin Cimpanu, writing for ZDNet: A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts iOS devices -- iPhones and iPads. The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn't very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs). Backdrop-filter is a relatively new CSS property and works by blurring or color-shifting the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS' graphics processing library, eventually leading to a crash of the mobile OS altogether.
It's not *that bad* really. The crash occurs in the gfx library / rendering engine, on a lower level. It's just given a single absolutely massive rendering task it's unable to complete within the watchdog duty cycle. Someone didn't foresee this - normally the library should be done with its job within microseconds, but this specific job was engineered to take a "macroscopic" time slice, and so, the watchdog bites.
There are solutions - but not easy. It would be fairly difficult to design a subsystem that estimates the time required to render a specific effect before deciding "just don't do it". An easier approach would be to abort the rendering job after a preset time and restore the subsystem to a stable state. This would require a separate dedicated watchdog, and a special subsystem that is capable of aborting and unrolling an arbitrary job mid-way through. Or they could slice the rendering engine vertically and make it perform only a specific amount of work per time slice. And this gets quite convoluted, because you're replacing simple loops with a finite state machine.
All doable, all difficult and costly... and not contributing to the normal web experience, just protecting against malicious attacks. Yeah, they fucked up, but it's a 'the fucking incompetent idiots' fuckup type; it's just a 'for fuck's sake, do we really have to protect against THIS too?' one.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
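To make the time-slicing idea from the comment above concrete, here is an added example (not code from the page, from WebKit, or from the commenter) that simulates a compositor in plain JavaScript. It models each nested DIV with a backdrop filter as a unit of work with a cost, compares a plain blocking render loop against a resumable state-machine render that yields between slices, and adds a watchdog that aborts the job and throws away partial work so the last stable frame survives. The layer costs, budgets, deadline and `FakeClock` are all constructed for the illustration, not measured from any real device.

```javascript
// Added example: time-sliced rendering with a watchdog, modelled in JavaScript.
// Nothing here is WebKit code; costs and budgets are invented for illustration.

// A "layer" stands for one nested DIV with backdrop-filter; cost is the
// simulated milliseconds one filter pass over it takes.
function nestedLayers(depth, costPerLayerMs) {
  return Array.from({ length: depth }, (_, i) => ({ id: `div${i}`, cost: costPerLayerMs }));
}

// Deterministic clock so the example runs identically offline.
class FakeClock {
  constructor() { this.t = 0; }
  now() { return this.t; }
  advance(ms) { this.t += ms; }
}

// The "simple loop" the comment talks about: renders everything in one go.
// Nothing can interrupt it, so a crafted page decides how long it runs.
function renderBlocking(layers, clock) {
  const start = clock.now();
  for (const layer of layers) clock.advance(layer.cost);
  return { status: 'done', rendered: layers.length, elapsedMs: clock.now() - start };
}

// The finite-state-machine replacement: the loop variable becomes job state
// that survives between slices, so the renderer can stop and resume.
function createRenderJob(layers) {
  return { layers, next: 0, committed: [] };
}

// Run one slice: work until the slice budget is spent or the job finishes.
// Returns true when the whole job is done.
function runSlice(job, clock, sliceBudgetMs) {
  const sliceStart = clock.now();
  while (job.next < job.layers.length) {
    if (clock.now() - sliceStart >= sliceBudgetMs) return false; // yield to the event loop
    const layer = job.layers[job.next];
    clock.advance(layer.cost);          // simulate the filter pass
    job.committed.push(layer.id);
    job.next += 1;
  }
  return true;
}

// Driver with a watchdog: keeps scheduling slices until the job finishes or the
// total deadline passes. On abort the partial work is discarded, so the caller
// keeps its previous stable frame instead of the process being killed.
// Note the watchdog only fires between slices, so it can overshoot the
// deadline by at most one slice (a real system would size slices accordingly).
function renderWithWatchdog(layers, { sliceBudgetMs, deadlineMs, clock }) {
  const job = createRenderJob(layers);
  const start = clock.now();
  let slices = 0;
  for (;;) {
    if (clock.now() - start > deadlineMs) {
      return { status: 'aborted', rendered: 0, slices, elapsedMs: clock.now() - start };
    }
    slices += 1;
    if (runSlice(job, clock, sliceBudgetMs)) {
      return { status: 'done', rendered: job.committed.length, slices, elapsedMs: clock.now() - start };
    }
    // Between slices the UI thread would handle input and other frames.
  }
}

// Benign page: a few cheap layers finish well inside the deadline.
function benignScenario() {
  return renderWithWatchdog(nestedLayers(10, 1), { sliceBudgetMs: 4, deadlineMs: 50, clock: new FakeClock() });
}

// Hostile page: hundreds of expensive nested filters. The blocking loop runs
// for the whole cost; the sliced renderer gives up at the deadline instead.
function hostileScenario() {
  const layers = nestedLayers(400, 5);
  return {
    blocking: renderBlocking(layers, new FakeClock()),
    sliced: renderWithWatchdog(layers, { sliceBudgetMs: 16, deadlineMs: 100, clock: new FakeClock() }),
  };
}

console.log('benign:', benignScenario());
console.log('hostile:', hostileScenario());
```

The point of the comparison is the last line of output: the blocking loop spends 2000 simulated milliseconds inside a single render call, which is exactly the "macroscopic" time slice that trips a real watchdog, while the sliced renderer bails out after about 120 ms having committed nothing and leaving the compositor in a known state.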