A CSS-Based Web Attack Can Restart Your iPhone Or Freeze Your Mac

  • 438
  •  
  •  
  •  
  •  
  •  
  •  
    438
    Shares

A researcher discovered a new CSS-based web attack that can make your iPhone restart or respring. Moreover, Mac users may also be affected by the vulnerability.

CSS-Based Web Attack Affecting iOS And MacOS

Security researcher Sabri Haddouche discovered a new CSS-based web attack to crash iOS. According to his findings, simply clicking on a website with a particular 15 line code could trigger respring or restart in case of iOS. Whereas, for Mac users, the code could result in crashing the browser. He shared the Proof-of-Concept in a tweet.

He said to Bleeping Computer,

“The attack uses a weakness in the -webkit-backdrop-filter CSS property. By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require Javascript to be enabled therefore it also works in Mail. On macOS, the UI freeze. On iOS, the device restart.”

Since all iOS browsers use the WebKit rendering engine, Therefore theoretically iOS browsers, Safari and Mail on MacOS would be vulnerable to this attack too.

Be Careful While Clicking On Any Links

Talking about the severity of the impact of this CSS-based web attack, Haddouche told TechCrunch,

“Anything that renders HTML on iOS is affected.”

It means the users should remain extremely vigilant when clicking any links, as they can instantaneously suffer a system crash. The link with this code may reach you via emails, Facebook, Twitter, or any other web page. Regarding whether your device would restart or respring, depends on the OS version. Haddouche tested his findings on iOS 12 that resulted in a complete reboot due to a “kernel panic”. However, on iOS 11.4.1, he only observed a respring or a UI restart.

This vulnerability primarily targets iOS and Mac users. Windows and Linux users remain safe from this attack. The researcher has already informed Apple of the vulnerability on Friday. So we can expect a fix for this vulnerability soon.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!