Title shortened, because my hands are awful right now. This concerns a bug in WebKit, which can cause a kernel panic, or a freeze, depending on your iOS version. Thus, every single browser on an...
Title shortened, because my hands are awful right now.
This concerns a bug in WebKit, which can cause a kernel panic, or a freeze, depending on your iOS version. Thus, every single browser on an iPhone is vulnerable, as Apple mandates you use their rendering engine.
It's designed to use excessive nesting of divs, whilst pushing an intensive bit of CSS to it.
It concerns backdrop-filter, but other intensive bits of CSS may also be vulnerable. Early days.
The site shouldn't affect you on the desktop, but if you click that link with an iPhone, it may cause havoc.
But it should also be noted this isn't a remote execution vulnerability (at this stage). Just a way to overwhelm the system.
No, I don't think so. We barely know what this bug does, and it's making the rounds of the web. At the moment we think it just crashes a phone, but we don't really know what the details of the...
Maybe I'm getting overly cranky again not having had a full cup of coffee yet. I'm just not looking forward to another instance where an iOS bug is published before it is patched, causing everyone on Reddit, or elsewhere, to make posts that crash my phone.
No, I don't think so. We barely know what this bug does, and it's making the rounds of the web. At the moment we think it just crashes a phone, but we don't really know what the details of the kernel panic are yet.
Though I don't think it could be used for an RCE, I do think it might be the kind of crash where if you cause it and grab the memory dump live, it might reveal sensitive information. The kind of thing law enforcement could use to grab keys.
And when the kernel panics, does that mean its contact with the isolated broadcom chip stops? Or can we leak our memory dump across the network?
There's a few options for taking the crash one step further, depending on how and what it's doing. But let's ignore all that and publish it everywhere!
If it wasn't 2AM I'd grab a coffee to calm down. It was irresponsible. Probably harmless, but maybe not. Not the kind of practice that should be encouraged.
Title shortened, because my hands are awful right now.
This concerns a bug in WebKit, which can cause a kernel panic, or a freeze, depending on your iOS version. Thus, every single browser on an iPhone is vulnerable, as Apple mandates you use their rendering engine.
It's designed to use excessive nesting of divs, whilst pushing an intensive bit of CSS to it.
It concerns
backdrop-filter
, but other intensive bits of CSS may also be vulnerable. Early days.The site shouldn't affect you on the desktop, but if you click that link with an iPhone, it may cause havoc.
But it should also be noted this isn't a remote execution vulnerability (at this stage). Just a way to overwhelm the system.
No, I don't think so. We barely know what this bug does, and it's making the rounds of the web. At the moment we think it just crashes a phone, but we don't really know what the details of the kernel panic are yet.
Though I don't think it could be used for an RCE, I do think it might be the kind of crash where if you cause it and grab the memory dump live, it might reveal sensitive information. The kind of thing law enforcement could use to grab keys.
And when the kernel panics, does that mean its contact with the isolated broadcom chip stops? Or can we leak our memory dump across the network?
There's a few options for taking the crash one step further, depending on how and what it's doing. But let's ignore all that and publish it everywhere!
If it wasn't 2AM I'd grab a coffee to calm down. It was irresponsible. Probably harmless, but maybe not. Not the kind of practice that should be encouraged.
Yup, click link to reboot your iOS device.
I'm curious, has there ever been a bug like this that has affected multiple rendering engines? Is that even possible?
I don't know of any, but it certainly is possible if there is a bug in the incredibly complex standards that are used.