A new attack has been discovered by a researcher named Sabri Haddouche from Wire which causes iOS devices to restart and Mac devices to freeze on visiting a particular web page.
Sabri tweeted the link to the webpage that contains a 15 line CSS/HTML code which when visited by an iPhone leads to quick consumption of the device’s resources leading to reboot and when a user visits the webpage on a Mac, Safari freezes.
How to force restart any iOS device with just CSS? 💣
Source: https://t.co/Ib6dBDUOhn
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
The code exploits a vulnerability in the web rendering engine WebKit which is used by all apps and browsers. The code implements a CSS effect called backdrop filter using nested divs.
Backdrop-filter is a fairly new CSS property that blurs the area behind an element. The task involves heavy consumption of resources which leads to the crashing of the mobile OS.
“The attack uses a weakness in the -webkit-backdrop-filter CSS property. By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require Javascript to be enabled therefore it also works in Mail.” said Sabri in an interview to The Bleeping Computer.
The attack cannot be used for running malicious codes but if someone foils this link in an email it can lead to restarting of iPhone and freezing of Mac.
No solution has been found for the attack as of now. In the meantime, Sabri has informed Apple about the vulnerability.
Also Read: iOS 12 Released; Here’s How To Update Your iPhone/iPad To iOS 12
