Safari Flaw Crashes, Reboots iPhones, iPads With Just 15 Lines of Code

A security researcher named Sabri Haddouche has discovered a new flaw in WebKit, the layout engine which allows Apple’s Safari browser to render web pages, that causes an iOS device to crash with just 15 lines of code embedded in a link. The code takes advantage of a vulnerability in WebKit and overloads the system resources which forces an iPhone or an iPad to crash when the webpage is accessed via the Safari browser.

“Anything that renders HTML on iOS is affected”, Sabri was quoted as saying byTechCrunch. The security expert has published the code on his GitHubpageand has also created a webpage containing the same code that can cause an iOS device to crash or reboot.

How to force restart any iOS device with just CSS? 💣

Source:https://t.co/Ib6dBDUOhn

IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) :https://t.co/4Ql8uDYvY3

— Sabri (@pwnsdx)September 15, 2018

The security researcher explained that a number of elements in the code are repeated‘inside a backdrop filter property in CSS’, which end up using all of the available system resources and trigger a process called ‘kernel panic’ that shuts down a device in order to prevent damage. For some users, their device will simply shut down, while in the case of a few others, their iPhone or iPad will reboot.The code also causes a macOS device to freeze (Image courtesy: filosofikode/Github)

It has been verified that the code affects devices running the most recent stable iOS (v11.4.1) build as well as the latest iOS 12 beta update. The exploit can also cause macOS devices to freeze when the webpage is opened in Safari.

The code is fool-proof and there is no way to prevent it from shutting down or rebooting an iOS device, but luckily, the exploit cannot be used to seed malware for stealing data or doing any other form of damage.

Nadeem Sarwar

Add new comment

Name

Email ID

Δ

01

02

03

04

05