A security researcher has found out that due to a vulnerability in WebKit (a rendering engine used by Safari browser), it takes only a few lines of CSS code to crash an iPhone or an iPad.
The code itself is not too complex and uses multiple nested elements like <div> tags inside a CSS effect called backdrop-filter, used for color shifting behind the element. This is a processor intensive task which takes up a lot of the device’s resources and can be used to make it crash.
Sabri Haddouche – the man who found the vulnerability – posted a video on Twitter showing off the script causing an iPhone to crash, along with the code itself.
How to force restart any iOS device with just CSS? ?
Source: https://t.co/Ib6dBDUOhn
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
He warned that any link which contains the code can freeze the phone. “Anything that renders HTML on iOS is affected, ”Haddouche said.
— Sabri (@pwnsdx) September 15, 2018
Haddouche also added that a tweaked version of CSS code can affect MacOS as well, making more Apple products vulnerable. He said that Apple has acknowledged the bug and is currently looking into it. We have reached out to Apple for a statement and will update this story accordingly.
Thankfully, this hack doesn’t put any of your data at risk, but it is still quite annoying.
This is not the first incident of a piece of code or text can crash your iPhone. Last year, it was discovered that sending a text which can crash your iPhone. Even iOS 11 had a bug, where a character from an Indian language Telugu, made the device crash. Later, Apple released a fix for that.
Get the TNW newsletter
Get the most important tech news in your inbox each week.