Security Researcher Discovers Snippet of CSS Code That Forces iOS to Reboot, Apple Investigating

A new iOS vulnerability was discovered by a security researcher over the weekend, causing affected iPhones and iPads to crash and restart when following a link to an HTML page hosting specially crafted CSS code.

The vulnerability hits the WebKit rendering engine used in Safari by applying a CSS effect, "backdrop-filter", that requires enough heavy graphics processing to cause iOS to crash entirely.

Software engineer and security researcher Sabri Haddouche, who works for encrypted messaging app Wire, discovered the vulnerability and shared videos of its effects on Twitter. Haddouche also discussed his findings with ZDNet:

“The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them,” Haddouche told ZDNet in an interview.

“By using nested divs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS.”

Apple has been notified of the vulnerability, and Haddouche confirmed that the company is actively investigating the issue. The researcher also notes that the CSS code in its current form will freeze Safari on macOS “for a minute,” and then slow it down, but the Mac won't crash. However, a modified version with JavaScript could end with the same result as the iOS version, crashing the Mac computer that it's on.

Haddouche didn't publish the modified macOS vulnerability because once the computer reboots, Safari persists and the browser is automatically launched again with the same outcome, resulting in a cycle of reboots. The researcher says that he discovered the vulnerabilities during research for denial of service bugs on different web browsers.
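For filtering on the defensive side, the pattern Haddouche describes (elements carrying `backdrop-filter` nested inside one another) can be measured in a page before it is rendered. The scanner below is an added example, not code from the article or from the researcher; the names, the `max_nested` threshold and the sample pages are assumptions, and it only understands inline styles and simple class rules that appear earlier in the document.

```python
import re
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}
PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
RULE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")  # simple ".class { ... }" rules only

class BackdropScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []        # (tag, carries_filter) per open element
        self.classes = set()   # classes a preceding <style> rule gives the property
        self.in_style = False
        self.count = self.max_depth = 0

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        a = dict(attrs)
        hit = bool(PROP.search(a.get("style") or "")) or any(
            c in self.classes for c in (a.get("class") or "").split())
        if hit:
            self.count += 1
            # depth = this element plus every open ancestor that also carries it
            self.max_depth = max(self.max_depth, 1 + sum(f for _, f in self.stack))
        if tag not in VOID:
            self.stack.append((tag, hit))

    def handle_endtag(self, tag):
        self.in_style = False
        for i in range(len(self.stack) - 1, -1, -1):  # pop to matching opener
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.in_style:
            self.classes |= {m[1] for m in RULE.finditer(data) if PROP.search(m[2])}

def scan(html, max_nested=8):  # threshold is an assumed policy value
    p = BackdropScanner()
    p.feed(html)
    p.close()
    return {"count": p.count, "max_depth": p.max_depth, "suspicious": p.max_depth > max_nested}

# Constructed samples: an ordinary blurred nav bar and a small nested chain.
BENIGN = '<style>.bar{backdrop-filter:blur(4px)}</style><nav class="bar"><a href="/">Home</a><br></nav>'
LAYER = '<div style="-webkit-backdrop-filter:blur(1px)">'
NESTED = LAYER + LAYER + LAYER + "<p>x</p></div></div></div>"
```

A single blurred overlay is normal page design, so the signal is the nesting depth rather than the mere presence of the property.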


Published by Marshmallow
