Apple products, from iPhones to MacBooks and iMacs, are known for their security and smooth performance, but a security researcher has found a bug that can crash an iPhone and even a Mac. Security researcher Sabri Haddouche showed that clicking on a malicious link can cause a kernel panic in iOS and macOS browsers and temporarily crash the devices.
Before it causes any panic among Apple users, it must be noted that the bug is not a fatal flaw and won't harm your device in any way. It is also worth mentioning that the bug doesn't steal data stored on your Apple device, so it is merely a prank tool and an annoying one at that.
How does it work?
This is one of the simplest exploits: just 15 short lines of code on a webpage can single-handedly restart your iPhone or iPad. If you visit the malicious link on your Mac, it can freeze your Safari browser.
The code uses up all the available resources, which triggers a fail-safe built into iOS. To avoid any damage to the device, the overwhelming activity is terminated by restarting the iPhone. In this case the iPhone will perform a full reboot or a respring (UI reboot), depending on the version of the OS. Once the iPhone is back up, it is as if nothing ever happened.
In the case of macOS devices, the attack briefly freezes Mail and Safari and then slows down the computer.
How to force restart any iOS device with just CSS?
Source: https://t.co/Ib6dBDUOhn
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK): https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
"The attack uses a weakness in the -webkit-backdrop-filter CSS property. By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require JavaScript to be enabled, therefore it also works in Mail. On macOS, the UI freezes. On iOS, the device restarts," Haddouche told BleepingComputer.
Haddouche also noted that all browsers on iOS are affected by this bug due to the same WebKit rendering engine and Apple's restrictions on allowing iOS apps to use their own rendering engine.
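A defensive check for the pattern described above, written as an added example (it is not code from the article or from the researcher): a scanner that a mail gateway or link previewer could run over HTML to measure how deeply elements carrying `backdrop-filter` are nested. The function names, the simplified selector matching and the `limit=8` threshold are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
VOID = set("area base br col embed hr img input link meta source track wbr".split())

def filtered_selectors(html):
    """Keys (tag, .class, #id) from the rightmost compound of each selector whose
    rule sets backdrop-filter. Deliberately over-approximates real CSS matching."""
    keys = set()
    for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S):
        for selectors, body in RULE.findall(css):
            if PROP.search(body):
                for sel in selectors.lower().split(","):
                    keys.update(re.findall(r"[.#]?[\w-]+", (sel.split() or [""])[-1]))
    return keys

class DepthScanner(HTMLParser):
    def __init__(self, keys):
        super().__init__()
        self.keys, self.stack, self.max_depth = keys, [], 0
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        names = {tag, "#" + a.get("id", "").lower()}
        names |= {"." + c.lower() for c in a.get("class", "").split()}
        hit = bool(PROP.search(a.get("style", "")) or names & self.keys)
        if tag not in VOID:  # void elements never get an end tag
            self.stack.append((tag, hit))
            self.max_depth = max(self.max_depth, sum(h for _, h in self.stack))
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed children
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def backdrop_nesting_depth(html):
    """Largest number of backdrop-filtered elements open at the same time."""
    scanner = DepthScanner(filtered_selectors(html))
    scanner.feed(html)
    scanner.close()
    return scanner.max_depth

def is_suspicious(html, limit=8):  # limit=8 is an assumed policy threshold
    return backdrop_nesting_depth(html) > limit

# Constructed sample: three nested filtered elements, well under the limit.
SAMPLE = ("<style>.glass{-webkit-backdrop-filter:blur(4px)}</style>"
          "<div class='glass'><div class='glass'><p>hi<br>"
          "<span style='backdrop-filter: blur(2px)'>x</span></p></div></div>")
```

Legitimate pages rarely stack more than a couple of backdrop filters, so a low limit mainly catches deliberate nesting; tune it against your own mail or page corpus.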
In addition to this, Haddouche told the publication that he developed an additional attack using HTML, CSS and JavaScript that causes macOS computers to freeze completely. Luckily, the security researcher did not release the code, as Safari would relaunch with the link even after a reboot, causing the Mac to freeze again.
Is there a fix?
Sadly, no. For now, the only way iOS and macOS users can protect their devices is by avoiding random links sent over WhatsApp or email. Apple is likely to deploy a fix, which is the only way to permanently address the problem.