CSS Attacks to Restart iPhone or Freeze a Mac

Security is something that that must stay safe all the time, no matter the cost, right? When we first heard about Meltdown and Spectre, we went as far as to disable the cool (dangerous?) features that even slowed our systems down. Now, even the iOS and macOS is susceptible to attacks! Yes, that’s a fact.

We all knew that Apple is the top-class company when we talk about security, right? Now, researchers were able to find out a way to make sure that you would face a glitch while visiting specific websites. These websites only use HTML and CSS.

Jokes aside, let’s get to the real news.

CSS to restart iOS and freeze macOS

- Advertisement -

It’s sort of surprising, but security researchers were able to perform attacks using HTML and CSS only on iOS and macOS. Fortunately, Windows and Linux users are not affected by the issue. Sabri Haddouche, a security researcher at Wire, discovered this new attack. Using this technique, he was able to quickly hog up all the resources of Apple devices.

According to Haddouche, the weakness lies in the “-webkit-backdrop-filter” CSS property. Using nested DIVS with that property, it’s easily possible to consume all the graphic resources and crash/freeze the OS. There’s no necessity to JavaScript. That’s why it successfully works on other places like Mail.

Unfortunately, iOS is the most susceptible to this attack as well as Safari and Mail in macOS. All of them use the WebKit rendering engine.

Depending on the version of iOS, the attack may cause a UI restart or even a kernel panic and a device reboot. As a demo, Haddouche performed this attack on an iOS 12 and the device rebooted completely whereas an iOS 11.4.1 caused a respring.

Visit a web page and get attacked!

The attack doesn’t require anything especial trick; just only visiting a special CSS and HTML website is more than enough. Here’s the perfect demo of the attack.

Unfortunately, there’s currently no mitigation or solve to this problem. You can keep yourself safe by following basic safety rules like not clicking any random link. The fix will eventually come, though. So, stay sharp!

- Advertisement -

Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.

Subscribe

"The best Linux newsletter on the web"

Previous articleKumbiaPHP: a simple and powerful PHP framework.

Next articleInstalling and using FFmpeg on Debian 8 and Debian 9?

CSS Attacks to Restart iPhone or Freeze a Mac

CSS to restart iOS and freeze macOS

Visit a web page and get attacked!

LEAVE A REPLY Cancel reply

Latest article

Create and Administer Student Networking Projects on Linux

The Use of Linux in the Field of Artificial Intelligence

Linux Commands for Checking How Much Space is Left on Deck

POPULAR POSTS

How to Install OpenLDAP Server on Ubuntu 18.04?

Create Your Own Ubuntu with Distroshare Ubuntu Imager

How to setup a mail server on Ubuntu 18.04?

POPULAR CATEGORY