Nasty piece of CSS code crashes and restarts iPhones


A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.

The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn’t very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).

Backdrop-filter is a relatively new CSS property that works by blurring or color shifting the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS’ graphics processing library, eventually leading to a crash of the mobile OS altogether.

Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.

This link will crash your iOS device, while this link will show the source code behind the vulnerability. Haddouche also tweeted a video of the vulnerability crashing his phone:

“The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them,” Haddouche told ZDNet in an interview.

“By using nested divs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS.”
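An added example, not code from the article or from Haddouche's proof of concept: a content filter (for instance in an app that renders untrusted HTML in a WebKit view) can measure how deeply elements carrying `backdrop-filter` are nested and flag pages above a limit. The function names, the threshold and the sample markup are assumptions, and selector matching is simplified to tag and class selectors.

```python
import re
from html.parser import HTMLParser

# Standard and -webkit- prefixed property; an explicit "none" is ignored.
BACKDROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:\s*(?!none\b)[^;}\s]", re.I)
STYLE_BLOCK = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
VOID = frozenset("area base br col embed hr img input link meta source track wbr".split())
# Constructed sample: three filtered elements nested inside each other.
SAMPLE = ('<style>.glass, section { -webkit-backdrop-filter: blur(4px); }</style>'
          '<div class="glass"><section><div style="backdrop-filter: invert(1)"><p>t</p></div></section></div>')

def filtered_selectors(html):  # simple selectors (tag or .class) that set the property
    found = set()
    for css in STYLE_BLOCK.findall(html):
        for selector_list, body in RULE.findall(css):
            if BACKDROP.search(body):
                found.update(s.strip().lower() for s in selector_list.split(","))
    return found

class NestingScanner(HTMLParser):
    def __init__(self, selectors):
        super().__init__()
        self.selectors = selectors
        self.stack = []     # (tag, carries backdrop-filter?) per open element
        self.max_depth = 0  # longest chain of filtered elements nested in each other

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        attrs = dict(attrs)
        classes = {"." + c.lower() for c in (attrs.get("class") or "").split()}
        hit = bool(BACKDROP.search(attrs.get("style") or "")
                   or tag in self.selectors or classes & self.selectors)
        self.stack.append((tag, hit))
        self.max_depth = max(self.max_depth, sum(h for _, h in self.stack))

    def handle_endtag(self, tag):  # pop back to the matching open tag
        tags = [t for t, _ in self.stack]
        if tag in tags:
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

def backdrop_nesting_depth(html):
    scanner = NestingScanner(filtered_selectors(html))
    scanner.feed(html)
    return scanner.max_depth

def is_suspicious(html, threshold=8):  # threshold: assumed policy value, not from the article
    return backdrop_nesting_depth(html) > threshold
```

Legitimate pages rarely stack more than a few filtered layers, so the threshold can be tuned against known-good content before it is enforced.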

Haddouche says the vulnerability also affects macOS systems, not just iOS.

“With the current attack (CSS/HTML only), it will just freeze Safari for a minute then slow it down,” the researcher told ZDNet. “You will be able to close the tab afterward.”

“To make it work on macOS, it requires a modified version containing Javascript,” he added. “The reason why I did not publish it is that it seems that Safari persists after a forced reboot and the browser is launched again, therefore bricking the user’s session as the malicious page is executed once again.”

The researcher says he already notified Apple of the issue before publishing the code on Twitter.

“I contacted them using their security product email,” Haddouche told ZDNet. “They confirmed they received the issue and are investigating it.”

Haddouche told ZDNet he discovered the vulnerability while researching reliable denial of service (DoS) bugs on multiple browsers. At the start of the month, Haddouche also published another exploit that crashed Chrome and Chrome OS with one line of JavaScript.

On a side note, as one iOS developer told ZDNet, the vulnerability could be more widespread than previously thought. This is because Apple forces all browsers and HTML-capable apps listed on the App Store to use its WebKit rendering engine, meaning the issue will most likely crash any app that’s capable of loading a web page.
