This is wild: while writing his own parallel-decodable PNG implementation, David Buchanan discovered he had a bug in his code. Soon after, he found out Apple has the same bug in their implementation which ships with macOS and iOS.
As a result, it’s possible to craft a PNG in such a way that Apple’s decoder will show a different image. Because Safari delegates the task of decoding images to the OS, all Apple browsers — including MobileSafari — also show the “wrong” image.
If you’re using Apple-flavoured software, you should see “HELLO APPLE”, and on all other software, you should see “HELLO WORLD”.
Here’s a side-by-side comparison:
Because other desktop browsers on macOS — such as Google Chrome and Mozilla Firefox — use their own built-in PNG decoder, they are not affected by this. On iOS however, all browsers are affected because all browsers on iOS are essentially nothing more than a differently skinned MobileSafari.
David also created a tool to craft your own PNG.
>Chrome uses its built-in PNG decoder
Chrome on iOS too?
The iOS web rendering restriction is a really under-complained-about issue. It’s one of the reasons FireFox got destroyed in “market share” and it’s hurt the web and the Internet.
Chrome on iOS is forced to use the built-in WebKit Engine; the same one that powers Safari. Therefore it is also affected by it.
Good call. Will update the post to clarify this.
Leave a comment