>>>Neither vulnerability can push malware onto crashed devices so it's more a nuisance than anything else<<< yet
I'm sure there's an evil git or two working on that as we speak
Apple iPhones, iPads, and Mac computers that stray onto websites with malicious CSS code, while using Safari, can crash or fall over – due to a flaw in the web browser. The WebKit rendering engine vulnerability can be triggered by just a few lines of code in a cascading style sheet (CSS). On iOS devices, at least, it all …
Given that Apple released iOS 12.0 today, and 12.0.1 would inevitably follow to clean up any lingering issues, the timing of this means the exploit window will be very short indeed. Since 12.x is available on everything that supported 11.x, and results in performance increases over 11.x as well, there's zero reason why anyone should be unwilling to upgrade and get that fix when it is available, either.
It seems to me that too many people think of writing HTML and CSS as "coding". In my opinion it is not.
In my view:
CSS isn't code; it is a set of rule definitions that tell the browser (or other rendering engine) what effects to apply to specifically selected markup.
HTML isn't code; it is a structured set of markup that describes content to be rendered.
Programming is not coding anyway. Coding is what a code generator in a compiler does.
But programming does not have to be imperative, like functional programming it can be declarative. This is telling the computer what you want, rather than how to do it. Relational databases are also founded on this principle.
We need to get away from code.
So you'd rather there were a dozen browser engines, of which 8 were vulnerable, than three browser engines of which 2 were vulnerable? Or are you just assuming if there were a dozen browser engines we'd still have only 2 vulnerable ones and the other nine new ones would all be fortunate enough to not be vulnerable?
Well, I'd rather we weren't a heartbeat away from only having 2 (if Mozilla couldn't stagger on any more). And iOS users might not be too delighted that they have a choice of precisely one engine. So whilst I wouldn't go along with your strawman of a dozen browser engines, I don't think that the current situation is good for anyone.
"So you'd rather there were a dozen browser engines"
I'd rather there was more than ONE, because in my time using an older iOS release, I found Safari to be quite crashy. No worries, there's always Dolphin. Oh wait, it crashes in exactly the same way on the same things.
At least on Android, stuff that messed up the stock browser (including that hideous bodging of text sizes) could be dealt with by installing Firefox...
It's called choice. Too much choice may not be good, but no choice at all is worse.
"And iOS users might not be too delighted that they have a choice of precisely one engine."
I thought that the main pulling-force of iOS was precisely that the users don't have to make any choices? It's apple's way or no way.
Go to an electronics mega store or into an actual Apple store & head over to their desktop section.
Use a BlueTooth enabled device to broadcast that URL as a bookmark on the desktop.
Next go through the Iphone/Ithing section doing the same thing, so every Apple device now contains the bookmark.
Leave before anyone clicks said bookmark & gives the place a feisty, festive air.
I'm not worried that it's evil, I already know Heaven doesn't want me & Satan's got a restraining order...
MS Edge on W10 displays: This page is having a problem loading...
MS Edge on W10 Mobile displays: This page is having a problem loading...
MS IE 11 on W10: We were unable to return you to rawgit.com...
Firefox on W10 loads the website: Triggered.
Opera on W10 loads the website: Triggered.
None of the tested devices/browsers above crashed or froze.
Safari on iOS 11 & 12, iPhones 7,8 & iPads 6th 2018 freezes and crashes/reboots the devices.
Biting the hand that feeds IT © 1998–2020