The iPhone may claim to have overall better security than Android, but it’s not immune to all kinds of sophisticated attacks. The news of the latest such security exploit, coming from Sabri Haddouche of the app Wire, doesn’t even require that much effort.
How to force restart any iOS device with just CSS? 💣
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
It exploits a bug in Apple’s web rendering tool called WebKit, which is used on both iOS and MacOS. The security researcher needed just 15 lines of code to crash and restart the iPhone, while on MacOS it can potentially freeze a webpage.
The vulnerability exploits a “backdrop-filter CSS property”, which is used in 3D acceleration. Using this issue, the attacker can use all the graphical resources on the iPhone, using <div> tags, causing it to crash.
It is also incredibly easy to execute. It can be triggered if someone sends you an email or a web link with the code inserted within. Anything running on HTML is affected. Apple has been notified by the team, however, it hasn’t officially acknowledged the issue yet.
The researchers showed a video of the exploit being demonstrated on an iPhone. They also showed a few links where you can see its effect on your own phone.
The good news is that despite causing inconvenience, the hack won’t cause lasting damage to your valuable data. It also won’t possibly result in any breaching of your personal info.
As of now, iOS 12 is said to be most affected, resulting in a restart, while previous software only caused a respring. The issue will hopefully be resolved in future updates.