New CSS Attack Freezes Macs And Restarts iPhones

A newly discovered attach will cause a Mac to freeze and an iPhone to restart if the device visits a webpage with specific CSS & HTML. This bug doesn’t affect Windows and Linux users so it’s something that iOS and macOS users only have to keep an eye out for. It was discovered by Sabri Haddouche who is a security researcher at encrypted messaging app developer Wire.

“The attack uses a weakness in the -webkit-backdrop-filter CSS property,” Haddouche explained to BleepingComputer, adding that it can be leveraged to consume all graphics resources to crash or freeze the operating system. The attack doesn’t require users to have JavaScript enabled so it also works in Mail.

The attack can be executed through Safari and Mail in macOS and all browsers on iOS as they use the same WebKit rendering engine. Apple’s App Store rules don’t allow developers to bring their own rendering engine which is why all iOS browsers are susceptible to this attack.

The effect on the iOS device depends on the version being used. It could cause a respring which is a reboot of the user interface or a complete reboot. Haddouche’s tests show a restart on iOS 12 and a respring on iOS 11.4.1. On macOS, Safari or Maril will only freeze for a second and then slow the Mac down.

Until Apple deploys a fix for the issue, there’s really no way to protect yourself against this except being very careful with unknown webpages and emails.

New CSS Attack Freezes Macs And Restarts iPhones , original content from appmarsh. Read our Copyrights and terms of use.

Published by Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).