Crash your iPhone with just a few lines of CSS - [security]
04:02 PM EDT - Sep,17 2018 - post a comment
What just happened? A security researcher finds a WebKit vulnerability that can instantly freeze and reboot any iOS device. The exploit affects all browsers installed on iOS and can even freeze Safari on macOS. Sabri Haddouche, a security researcher at Wire, has found an vulnerability in Apple's WebKit rendering engine that if exploited, can crash and restart any iOS device. o prove it out, Sabri created an experimental webpage with just 15 lines of code. He explained that if you nest elements such as div tags inside of a backdrop filter CSS property, it will end up using all of the device's resources and cause a kernel panic.
Because the vulnerability is with WebKit, that means that any browser on iOS is affected since Apple mandates every third-party browser on iOS use the WebKit rendering engine. The exploit was tested on iOS 11.4.1 as well as the current iOS 12 beta by Malwarebytes and confirmed working on both.