
CSS Attacks to Restart iPhone or Freeze a Mac

Security is something that must stay safe all the time, no matter the cost, right? When we first heard about Meltdown and Spectre, we went as far as to disable the cool (dangerous?) features, even though that slowed our systems down. Now, even iOS and macOS are susceptible to attacks! Yes, that’s a fact.

We all knew that Apple is a top-class company when we talk about security, right? Now, researchers have found a way to make your device glitch when you visit specific websites. These websites only use HTML and CSS.

Jokes aside, let’s get to the real news.

CSS to restart iOS and freeze macOS

It’s sort of surprising, but security researchers were able to perform attacks using HTML and CSS only on iOS and macOS. Fortunately, Windows and Linux users are not affected by the issue. Sabri Haddouche, a security researcher at Wire, discovered this new attack. Using this technique, he was able to quickly hog up all the resources of Apple devices.

According to Haddouche, the weakness lies in the “-webkit-backdrop-filter” CSS property. Using nested DIVs with that property, it is easy to consume all the graphics resources and crash or freeze the OS. No JavaScript is needed, which is why it also works in other places like Mail.

Unfortunately, iOS is the most susceptible to this attack as well as Safari and Mail in macOS. All of them use the WebKit rendering engine.
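Since the trigger is plain markup, HTML can be screened before a WebKit-based client renders it. The following is an added example, not code from Haddouche or from this article: a heuristic that measures how deeply elements carrying `backdrop-filter` are nested. The function names, the sample strings and the `limit` threshold are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Matches both the prefixed and the unprefixed property name.
PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")          # selector { declarations }
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

def flagged_selectors(html):
    """Tag and .class names whose <style> rule declares backdrop-filter."""
    names = set()
    for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S):
        for selector, body in RULE.findall(css):
            if PROP.search(body):   # over-approximates compound selectors
                names.update(re.findall(r"\.[\w-]+|[a-z][\w-]*", selector.lower()))
    return names

class _Depth(HTMLParser):
    def __init__(self, selectors):
        super().__init__()
        self.selectors, self.stack, self.max_depth = selectors, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        classes = {"." + c for c in (a.get("class") or "").lower().split()}
        hit = (bool(PROP.search(a.get("style") or "")) or tag in self.selectors
               or bool(classes & self.selectors))
        self.stack.append((tag, hit))
        self.max_depth = max(self.max_depth, sum(h for _, h in self.stack))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):   # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def max_backdrop_depth(html):
    parser = _Depth(flagged_selectors(html))
    parser.feed(html)
    parser.close()
    return parser.max_depth

def is_suspicious(html, limit=2):   # limit is an assumed threshold, tune locally
    return max_backdrop_depth(html) > limit

# Constructed samples (not taken from the published demo).
SAMPLE = ('<style>.b { -webkit-backdrop-filter: blur(2px); }</style>'
          '<div class="b"><div class="b"><div style="backdrop-filter: blur(2px)">'
          '<p>hi</p></div></div></div>')
BENIGN = ('<style>.card { backdrop-filter: blur(4px); }</style>'
          '<div class="card"><div><p>text</p></div></div>')
```

The check only sees inline styles and `<style>` blocks in the document itself; externally linked stylesheets would have to be fetched and scanned separately.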

Depending on the version of iOS, the attack may cause a UI restart or even a kernel panic and a device reboot. As a demo, Haddouche performed this attack on iOS 12 and the device rebooted completely, whereas on iOS 11.4.1 it caused a respring.

Visit a web page and get attacked!

The attack doesn’t require any special trick; simply visiting a specially crafted CSS and HTML website is more than enough. Here’s the perfect demo of the attack.

Unfortunately, there’s currently no mitigation or fix for this problem. You can keep yourself safe by following basic safety rules like not clicking any random link. The fix will eventually come, though. So, stay sharp!
