Links that cause iPhones and iPads to crash or reboot have become a bit of a trend in recent years. The latest was released by security researcher @pwnsdx over Twitter. What’s interesting about this one in particular is that it relies on a simple snippet of HTML and CSS and causes a full device kernel panic, beyond just a simple SpringBoard crash.
The bug affects any iOS device that can interpret the background-filter effect, something which was first introduced in iOS 7. Essentially, the few lines of CSS apply a computed blur effect to every div element on the page. The accompanying HTML includes a lot of div elements.
The computationally expensive drawing overloads the WebKit renderer, and the system cannot recover other than to kernel panic, crash to the Apple logo, and reboot.
You can see the source code of the bug here; it’s only a few lines of HTML and CSS. You can open the ‘safari-ripper.html’ link on that page if you want to try it out yourself — but the usual disclaimers and warnings apply. 9to5Mac has confirmed it does work on iOS 11 and iOS 12, so you don’t have to. It can also cause some desktop web browsers to freeze up.
— S (@pwnsdx) September 15, 2018
Unlike similar text message crashing cases that can spread like chain mail over iMessage notifications, this requires the user to visit a web page that contains the problematic code. At worst, this code could be incorporated into an HTML email message that causes the device to crash when the message is opened.
This means there is a relatively low chance of real-world damage. That being said, CSS and JavaScript should never be able to take down a system like this. Apple and the WebKit groups will no doubt roll out a fix in the coming weeks that will make its way into a future iOS update.
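Until a fix ships, a mail gateway or web proxy can flag markup that matches the pattern described above: a blur applied to every div on a page that contains a lot of div elements. The following Python check is an added example, not code from 9to5Mac or the researcher. It assumes the blur is the CSS backdrop-filter property (optionally with the -webkit- prefix); the names assess and _Scan and the 500-div threshold are illustrative assumptions.

```python
import re
from html.parser import HTMLParser

# Assumption: the blur is the CSS backdrop-filter property, with or without -webkit-.
BLUR_RE = re.compile(r"(?:-webkit-)?backdrop-filter\s*:[^;}]*\bblur\s*\(", re.I)
# Body of any rule whose selector list contains a bare `div` or `*`.
BROAD_RULE_RE = re.compile(r"(?:^|[{},])\s*(?:div|\*)\s*(?:,[^{]*)?\{([^}]*)", re.I)
DIV_LIMIT = 500  # assumed threshold; tune against your own mail and web traffic


class _Scan(HTMLParser):
    """Counts div elements and collects stylesheet text in one pass."""

    def __init__(self):
        super().__init__()
        self.divs = 0          # every <div> start tag seen
        self.inline_blur = 0   # divs carrying the blur in a style="" attribute
        self.css = []          # text of <style> elements
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        elif tag == "div":
            self.divs += 1
            if BLUR_RE.search(dict(attrs).get("style") or ""):
                self.inline_blur += 1

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.css.append(data)


def assess(html, div_limit=DIV_LIMIT):
    """Return counts plus a flag for markup that blurs more than div_limit divs."""
    scan = _Scan()
    scan.feed(html)
    scan.close()
    css = "".join(scan.css)
    broad = any(BLUR_RE.search(body) for body in BROAD_RULE_RE.findall(css))
    blurred = scan.divs if broad else scan.inline_blur
    return {"divs": scan.divs, "broad_blur": broad,
            "blurred_divs": blurred, "flag": blurred > div_limit}


if __name__ == "__main__":
    # Constructed sample: a small page, well under the threshold.
    page = "<style>div { backdrop-filter: blur(4px); }</style>" + "<div>x</div>" * 3
    print(assess(page))
```

The check is a heuristic: it does not evaluate descendant selectors, external stylesheets or styles set by script, so treat a flag as a reason to quarantine or strip the style, not as proof of intent.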