CVE-2024-40782 – Nullptr crash due to `display:ruby block` and continuations. (1st Aug 2024)

Preface: Apple doesn’t allow third-party developers to use any browser engine other than WebKit, the engine developed by Apple.

Background: The browser parses HTML into the DOM and CSS into the CSSOM and combines them to create a render tree. Once each node from the DOM has its style assigned, the rendering engine computes the size of each node and its position on the screen.

The process that goes from interpreting HTML, CSS, and JavaScript to pixels on the screen can be grouped into four general steps:

  1. Parsing of the HTML document to DOM (Document Object Model).
  2. CSS file interpretation (CSSOM – Cascading Style Sheets Object Model) for each of the DOM nodes.
  3. Creation of the new tree that includes the DOM, and each node’s style and layout.
  4. The render tree is painted to the screen.
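To make the four steps concrete, here is an added toy model of the pipeline in Python. It is illustrative code written for this page, not WebKit code and not from the original post: it parses a small HTML subset into a DOM, parses a small CSS subset into a rule list (the CSSOM), builds a render tree that drops `display: none` subtrees, and runs a block-only layout that stacks boxes vertically. The sample markup and stylesheet are constructed for the example, and the tag-name-only selectors and pixel-height-only layout are simplifying assumptions.

```python
import re
from dataclasses import dataclass, field

# --- Step 1: HTML -> DOM -----------------------------------------------------
@dataclass
class DomNode:
    tag: str
    children: list = field(default_factory=list)
    text: str = ""

# Matches an opening/closing tag, or a run of text between tags (subset only).
TOKEN_RE = re.compile(r"<(/?)([a-zA-Z0-9]+)[^>]*>|([^<]+)")

def parse_html(markup: str) -> DomNode:
    """Build a DOM tree from a simplified HTML string (assumed well-nested)."""
    root = DomNode("#root")
    stack = [root]
    for closing, tag, text in TOKEN_RE.findall(markup):
        if text:
            if text.strip():
                stack[-1].children.append(DomNode("#text", text=text.strip()))
        elif closing:
            if len(stack) > 1:      # ignore stray close tags at the root
                stack.pop()
        else:
            node = DomNode(tag.lower())
            stack[-1].children.append(node)
            stack.append(node)
    return root

# --- Step 2: CSS -> CSSOM ----------------------------------------------------
def parse_css(sheet: str) -> list:
    """Parse 'tag { prop: value; ... }' rules into (selector, declarations)."""
    rules = []
    for selector, body in re.findall(r"([a-zA-Z0-9#]+)\s*\{([^}]*)\}", sheet):
        decls = {}
        for decl in body.split(";"):
            if ":" in decl:
                prop, value = decl.split(":", 1)
                decls[prop.strip()] = value.strip()
        rules.append((selector.strip(), decls))
    return rules

# --- Step 3: DOM + CSSOM -> render tree --------------------------------------
@dataclass
class RenderBox:
    tag: str
    style: dict
    children: list = field(default_factory=list)
    y: int = 0
    height: int = 0

# Assumed user-agent defaults for the few tags the example uses.
DEFAULT_DISPLAY = {"div": "block", "p": "block", "span": "inline", "#text": "inline"}

def build_render_tree(node: DomNode, rules: list):
    """Resolve style by cascading matching rules; display:none gets no box."""
    style = {"display": DEFAULT_DISPLAY.get(node.tag, "inline")}
    for selector, decls in rules:
        if selector == node.tag:
            style.update(decls)
    if style["display"] == "none":
        return None                 # node exists in the DOM but has no renderer
    box = RenderBox(node.tag, style)
    for child in node.children:
        child_box = build_render_tree(child, rules)
        if child_box is not None:
            box.children.append(child_box)
    return box

# --- Step 4 (layout part): assign positions and sizes -------------------------
def layout(box: RenderBox, y: int = 0) -> RenderBox:
    """Block layout only: children stack top to bottom from the parent's y."""
    box.y = y
    cursor = y
    for child in box.children:
        layout(child, cursor)
        cursor += child.height
    declared = box.style.get("height")
    box.height = int(declared.rstrip("px")) if declared else cursor - y
    return box

def render_pipeline(markup: str, sheet: str) -> list:
    """Run all steps; return (tag, y, height) for every box in pre-order."""
    root = layout(build_render_tree(parse_html(markup), parse_css(sheet)))
    out = []
    def walk(box):
        out.append((box.tag, box.y, box.height))
        for child in box.children:
            walk(child)
    walk(root)
    return out

# Constructed sample input for the example.
SAMPLE_HTML = "<div><p>one</p><p>two</p><span>hidden</span></div>"
SAMPLE_CSS = "p { height: 20px; } span { display: none; }"

if __name__ == "__main__":
    for entry in render_pipeline(SAMPLE_HTML, SAMPLE_CSS):
        print(entry)
```

The point worth noticing is the difference between the trees: the `span` is still a DOM node after step 1, but it never becomes a render box in step 3, so any code that walks the DOM and assumes every node has a renderer has to handle that missing box. Real engines have many more such cases (the continuations mentioned in the title are one of them), which is why style and layout code is a frequent source of null-dereference and lifetime bugs.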

Vulnerability details: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Official announcement: Please refer to the official announcement for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-40782
