A new CSS-based web attack will crash and restart your iPhone – TechCrunch
A security researcher has discovered a new way to crash and restart any iPhone, with just a few lines of code.
Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link.
The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use, Haddouche told TechCrunch. He explained that by nesting a ton of elements, such as <div> tags, inside a backdrop filter property in CSS, you can use up all of the system’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage.
“Something that renders HTML on iOS is affected,” he said. That means anyone sending you a link on Facebook or Twitter, any webpage you visit that includes the code, or anyone sending you an email, he warned.
TechCrunch tested the exploit running on the most recent mobile software, iOS 11.4.1, and confirmed that it crashes and restarts the phone. Thomas Reed, director of Mac & Mobile at security firm Malwarebytes, confirmed that the most recent iOS 12 beta also froze when tapping the link.
The lucky ones whose devices won’t crash may see their device restart (or “respring”) the user interface instead.
For those curious, you can see how it works without running the crash-inducing code.
The good news is that as annoying as this attack is, it can’t be used to run malicious code, he said, meaning malware can’t run and data can’t be stolen using this attack. But there’s no easy way to prevent the attack from working. One tap on a booby-trapped link sent in a message, or opening an HTML email that renders the code, can crash the device instantly.
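A mail or web gateway can at least flag the pattern Haddouche describes, many elements nested under a backdrop-filter rule, before the markup reaches a device. The heuristic below is an added example, not code from the article or from Haddouche's proof of concept; the names, the depth threshold and the sample markup are assumptions, and it only inspects inline styles and `<style>` blocks with simple selectors.

```python
import re
from html.parser import HTMLParser

FILTER = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
STYLE_BLOCK = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
MAX_DEPTH = 50  # assumed tuning value, not a figure from the article

def filtered_selectors(html):
    """Simple selectors (tag, .class, #id, *) whose rule sets backdrop-filter."""
    css = " ".join(STYLE_BLOCK.findall(html))
    return {s.strip().lower() for sel, body in RULE.findall(css)
            if FILTER.search(body) for s in sel.split(",")}

class NestingScanner(HTMLParser):
    def __init__(self, selectors):
        super().__init__()
        self.selectors = selectors
        self.stack = []   # (tag, filtered?) for each open element
        self.worst = 0    # longest chain from a filtered element down to a descendant

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        names = {tag, "*", "#" + a.get("id", "").lower()}
        names.update("." + c for c in a.get("class", "").lower().split())
        hit = bool(names & self.selectors) or bool(FILTER.search(a.get("style", "")))
        flags = [f for _, f in self.stack] + [hit]
        if True in flags:  # depth counted from the outermost filtered ancestor
            self.worst = max(self.worst, len(flags) - flags.index(True))
        if tag not in VOID:
            self.stack.append((tag, hit))

    def handle_endtag(self, tag):
        open_tags = [t for t, _ in self.stack]
        if tag in open_tags:  # close the nearest matching open element
            del self.stack[len(open_tags) - 1 - open_tags[::-1].index(tag):]

def scan(html, limit=MAX_DEPTH):  # returns (depth, suspicious)
    scanner = NestingScanner(filtered_selectors(html))
    scanner.feed(html)
    scanner.close()
    return scanner.worst, scanner.worst > limit

# Constructed samples, small enough to be harmless.
GLASS_CARD = '<div class="card" style="backdrop-filter: blur(4px)"><p>Hi <b>there</b></p></div>'
NESTED = ("<style>div{-webkit-backdrop-filter:blur(4px)}</style>"
          "<div><div><div><div><div><div></div></div></div></div></div></div>")
```

Markup built by script at load time or styled from an external stylesheet is not seen by this static check, so a hit is a reason to quarantine or strip the message, not proof that other content is safe.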
Haddouche contacted Apple on Friday about the attack, and the company is said to be investigating. A spokesperson did not immediately respond to a request for comment.
Source link – https://techcrunch.com/2018/09/15/a-new-css-based-web-attack-will-crash-and-restart-your-iphone/