A new CSS-based web attack will crash and restart your iPhone

A security researcher has found a new way to crash and restart any iPhone — with just a few lines of code.

Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link.

The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use, Haddouche told TechCrunch. He explained that by nesting a ton of elements — such as <div> tags — inside a backdrop filter property in CSS, you can use up all of the device’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage.

“Anything that renders HTML on iOS is affected,” he said. That means anyone sending you a link on Facebook or Twitter, any webpage you visit that includes the code, or anyone sending you an email could trigger the crash, he warned.
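A defensive check for the mechanism described above, for pipelines that inspect HTML before it reaches a WebKit renderer (a mail gateway or link scanner, say): it counts how many elements sit under any element that carries a backdrop filter. This is an added example, not code from the article or from Haddouche; the function names and the sample markup are assumptions, and it only understands inline styles and simple tag, .class and #id selectors.

```python
import re
from collections import Counter
from html.parser import HTMLParser

BACKDROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
VOID = set("area base br col embed hr img input link meta source track wbr".split())
# Constructed sample: four elements sit under the element matched by ".glass".
SAMPLE = ('<style>.glass{-webkit-backdrop-filter:blur(2px)}</style><p>hi</p>'
          '<div class="glass"><div><div><span>x</span><br></div></div></div><div></div>')

def filtered_selectors(css):
    # Simple selectors (tag, .class, #id) of every rule that sets backdrop-filter.
    rules = (r.rpartition("{") for r in css.split("}"))
    return {s.strip().lower() for head, _, body in rules if BACKDROP.search(body)
            for s in head.rpartition("{")[2].split(",")}

class Scanner(HTMLParser):
    def __init__(self, selectors):
        super().__init__()
        self.selectors, self.stack, self.open = selectors, [], Counter()
        self.region, self.count = None, 0  # region: stack index of the filtered root

    def handle_starttag(self, tag, attrs):
        self.count += self.region is not None  # count every element under a filter
        if tag in VOID:
            return
        # reversed() makes the first duplicate attribute win, as it does in browsers
        a = {k: (v or "").lower() for k, v in reversed(attrs)}
        names = {tag, "#" + a.get("id", ""), *("." + c for c in a.get("class", "").split())}
        hit = BACKDROP.search(a.get("style", "")) or names & self.selectors
        if self.region is None and hit:
            self.region = len(self.stack)
        self.stack.append(tag)
        self.open[tag] += 1
    handle_startendtag = handle_starttag  # browsers ignore "/>" on non-void tags

    def handle_endtag(self, tag):
        while self.open[tag] and self.stack:  # a stray end tag closes nothing
            top = self.stack.pop()
            self.open[top] -= 1
            if len(self.stack) == self.region:
                self.region = None
            if top == tag:
                break

def elements_under_backdrop(html):
    css = " ".join(re.findall(r"<style[^>]*>(.*?)</style>", html, re.S | re.I))
    scanner = Scanner(filtered_selectors(css))
    scanner.feed(html)
    scanner.close()
    return scanner.count
```

Compare the returned count against a limit tuned on your own benign mail or pages; CSS that hides the property name behind comments or escapes is not handled.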

How to force restart any iOS device with just CSS? 💣

Source: https://t.co/Ib6dBDUOhn

IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3

— Sabri (@pwnsdx) September 15, 2018

TechCrunch tested the exploit running on the most recent mobile software iOS 11.4.1, and confirmed it crashes and restarts the phone. Thomas Reed, director of Mac & Mobile at security firm Malwarebytes, confirmed that the most recent iOS 12 beta also froze when tapping the link.

The lucky ones whose devices don’t crash may just see their device restart (or “respring”) the user interface instead.

For those curious, you can see how it works without running the crash-inducing code.

The good news is that as annoying as this attack is, it can’t be used to run malicious code, he said, meaning malware can’t run and data can’t be stolen using this attack. But there’s no easy way to prevent the attack from working. One tap on a booby-trapped link sent in a message or opening an HTML email that renders the code can crash the device instantly.

Haddouche contacted Apple on Friday about the attack, and the company is said to be investigating. A spokesperson did not immediately respond to a request for comment.
