We all knew that Apple is the top-class company when we talk about security, right? Now, researchers were able to find out a way to make sure that you would face a glitch while visiting specific websites. These websites only use HTML and CSS.

Jokes aside, let’s get to the real news.

CSS to restart iOS and freeze macOS

It’s sort of surprising, but security researchers were able to perform attacks using HTML and CSS only on iOS and macOS. Fortunately, Windows and Linux users are not affected by the issue. Sabri Haddouche, a security researcher at Wire, discovered this new attack. Using this technique, he was able to quickly hog up all the resources of Apple devices.

According to Haddouche, the weakness lies in the “-webkit-backdrop-filter” CSS property. Using nested DIVS with that property, it’s easily possible to consume all the graphic resources and crash/freeze the OS. There’s no necessity to JavaScript. That’s why it successfully works on other places like Mail.

Unfortunately, iOS is the most susceptible to this attack as well as Safari and Mail in macOS. All of them use the WebKit rendering engine.

Depending on the version of iOS, the attack may cause a UI restart or even a kernel panic and a device reboot. As a demo, Haddouche performed this attack on an iOS 12 and the device rebooted completely whereas an iOS 11.4.1 caused a respring.

Visit a web page and get attacked!

The attack doesn’t require anything especial trick; just only visiting a special CSS and HTML website is more than enough. Here’s the perfect demo of the attack.

Unfortunately, there’s currently no mitigation or solve to this problem. You can keep yourself safe by following basic safety rules like not clicking any random link. The fix will eventually come, though. So, stay sharp!

The post CSS Attacks to Restart iPhone or Freeze a Mac appeared first on Linux Windows and android Tutorials.

Security researchers from Pangu Lab, a well-known company for providing jailbreaks have confirmed the vulnerability and named it “ZipperDown”. This flaw, according to their description, is a common programming error that leads to severe consequences like data overwriting, even code execution in the affected apps’ context.

Vulnerable apps

Pangu Lab created a scan rule for searching ZipperDown flaw in iOS apps. According to the result, 15,978 out of 168,951 scanned apps appear to have ZipperDown infection. However, they also added that the apps are to be manually inspected for confirmation.

Unfortunately, in the list of vulnerable apps, there are some really popular apps like NetEase Music, QQ Music, MOMO, Kwai etc. who have over 100 million users. Here’s a video where the researchers showed a demo infecting Weibo.

Devs must contact the researchers

Pangu Lab said that due to the potential infection in a large amount of apps, they’re not able to verify all the individual apps precisely. Moreover, the number of authors of infected apps is also large enough, making it really difficult for contacting each of them and informing the issue.

That’s why the company is asking the devs if their apps is on the list of potential infection list, they need to contact Pangu Lab for further details and test & fix their application(s).

Android infected(?)

According to Pangu Lab, Android also suffers from similar issues like ZipperDown. The researchers said that they’ll continue further investigation for pinning the flaw.

Fortunatley, ZipperDown isn’t like other vulnerabilities and not available for easy exploitation. In order to exploit, the hacker must be within the range of the same network position for hijacking/spoofing traffic. According to the researchers, the sandbox on both Android and iOS are really effective in mitigating any possible damage for ZipperDown’s consequences.

How to stay secured

If you want to protect yourself from the vulnerability, you have to make sure that you are using the latest version of all the installed apps. It’s highly likely that app devs will release update to their software in the future.

Recently, the source code of TreasureHunter malware went public. Learn more about the source code leak and the future attacks.

The post ZipperDown Infecting iOS Apps appeared first on Linux Windows and android Tutorials.