Watch Out! This Web Page Can Crash Your iPhone
Apple needs to review a number of procedures regarding the security of its operating systems. However quickly it responds to repair security incidents, the company has to “close” the box of bugs. A new attack has been discovered that causes iOS to reboot and macOS to freeze when a user simply visits a web page that contains certain CSS and HTML code. This bug does not affect Windows and Linux users.
The bug affecting iOS and macOS
This new attack was discovered by Sabri Haddouche, a security researcher at Wire, who found a way to quickly use up the resources of an Apple device so that it fails when visiting a web page. According to Haddouche, “the attack uses a weakness in the CSS property -webkit-backdrop-filter”. Using divs aligned with this property, we can quickly consume all graphical features and crash or freeze the operating system. The attack does not require JavaScript to be activated, so it also works in Mail. On macOS, freezing occurs in the user interface. On iOS, the lack of a mechanism causes the device to restart.
Source: https://t.co/Ib6dBDUOhn IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3 — Sabri (@pwnsdx) September 15, 2018

This attack affects all browsers on iOS, as well as Safari and Mail on macOS, because they all use the WebKit rendering engine. Third-party browsers on iOS are affected because Apple does not allow them to use another rendering engine. The result may differ depending on the version of iOS in use: the device may restart only the user interface, or it may suffer a kernel panic, which causes the device to restart. The researcher ran the tests on iOS 12, where the device restarted completely, but on iOS 11.4.1 it only restarted the user interface.
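Because the page needs no JavaScript and also renders in Mail, a mail or web gateway can triage inbound HTML statically by counting how often the property named above is applied. The following is an added example, not code from the researcher or from Apple; the class and function names and both thresholds are assumptions, and the sample documents are constructed.

```python
import re
from html.parser import HTMLParser

# Matches the property from the article, with or without the -webkit- prefix.
PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)

class BackdropFilterScan(HTMLParser):
    """Counts <div>s, inline uses of the property, and uses inside <style>."""
    def __init__(self):
        super().__init__()
        self.divs = self.inline_hits = self.style_rule_hits = 0
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "div":
            self.divs += 1
        elif tag == "style":
            self._in_style = True
        # Valueless attributes arrive as None, hence the "or ''".
        if PROP.search(dict(attrs).get("style") or ""):
            self.inline_hits += 1

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.style_rule_hits += len(PROP.findall(data))

def assess(html, max_inline=20, max_divs_with_rule=200):
    """Thresholds are assumed starting points, not values from the article."""
    scan = BackdropFilterScan()
    scan.feed(html)
    scan.close()
    reasons = []
    if scan.inline_hits > max_inline:
        reasons.append(f"{scan.inline_hits} elements set backdrop-filter inline")
    # Selectors are not evaluated: a stylesheet rule plus many divs is enough.
    if scan.style_rule_hits and scan.divs > max_divs_with_rule:
        reasons.append(f"stylesheet sets backdrop-filter, page has {scan.divs} divs")
    return {"inline_hits": scan.inline_hits, "style_rule_hits": scan.style_rule_hits,
            "divs": scan.divs, "suspicious": bool(reasons), "reasons": reasons}

# Constructed samples (not taken from the researcher's page).
ORDINARY = ('<html><head><style>.card { backdrop-filter: blur(4px); }</style></head>'
            '<body><div class="card">Hello</div></body></html>')
REPEATED = ('<div style="-webkit-backdrop-filter: blur(1px)">a</div>'
            '<div style="-webkit-backdrop-filter: blur(1px)">b</div>'
            '<div style="-webkit-backdrop-filter: blur(1px)">c</div>')
```

Legitimate designs use this property a handful of times, so tune the thresholds against your own traffic and treat a hit as a reason to quarantine or review rather than as proof.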
The attack works if you simply visit a web page
When a user visits a page that hosts this specially crafted CSS and HTML code, the device quickly uses up all available resources, with the outcome depending on the version of iOS. For Mac users, this will make the Safari browser session automatically start and freeze the Mac. Unfortunately, at this moment there is no way to mitigate this type of attack. Users should take care about where they click and which sites they follow links to, and should not click on random links until Apple develops and releases a fix. For those who want to see the CSS and HTML that cause this attack, the researcher posted them on his GitHub page. Just be careful about clicking on the link (Click Here To Crash Your iPhone or Mac PC), because it will quickly freeze your iOS device or cause problems on the Mac.