A new attack has been discovered by a researcher named Sabri Haddouche from Wire which causes iOS devices to restart and Mac devices to freeze on visiting a particular web page.
Sabri tweeted the link to the webpage that contains a 15 line CSS/HTML code which when visited by an iPhone leads to quick consumption of the device’s resources leading to reboot and when a user visits the webpage on a Mac, Safari freezes.
How to force restart any iOS device with just CSS? 💣
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
The code exploits a vulnerability in the web rendering engine WebKit which is used by all apps and browsers. The code implements a CSS effect called backdrop filter using nested divs.
Backdrop-filter is a fairly new CSS property that blurs the area behind an element. The task involves heavy consumption of resources which leads to the crashing of the mobile OS.
The attack cannot be used for running malicious codes but if someone foils this link in an email it can lead to restarting of iPhone and freezing of Mac.
No solution has been found for the attack as of now. In the meantime, Sabri has informed Apple about the vulnerability.