New CSS-Based Web Attack Crashes and Restarts Your iPhone – TechCrunch




A security researcher has found a new way to crash and restart any iPhone – with just a few lines of code.

Sabri Haddouche tweeted a proof-of-concept web page with only 15 lines of code that, if visited, will crash and restart an iPhone or iPad. macOS users may also see Safari freeze when opening the link.

The code exploits a weakness in WebKit, the iOS web rendering engine, which Apple requires all apps and browsers to use, Haddouche told TechCrunch. He explained that by nesting a ton of elements – such as `<div>` tags – inside a backdrop-filter property in CSS, you can use up all of the device's resources and cause a kernel panic, which shuts down and restarts the operating system to avoid damage.

"Everything that makes HTML on iOS is affected," he said. That means anyone could send you a link on Facebook or Twitter, a webpage you visit could include the code, or anyone could send you an email, he warned.

TechCrunch tested the exploit on the latest iOS 11.4.1 mobile software and confirmed that it hangs and restarts the phone. Thomas Reed, director of Mac & Mobile at security company Malwarebytes, confirmed that the latest iOS 12 beta also froze when opening the link.

The lucky ones whose devices do not freeze may simply see their device restart (or "respring") the user interface instead.

For those who are curious, you can see how it works without having to run the crash-inducing code.

The good news is that, as annoying as this attack is, it cannot be used to execute malicious code. But there is no easy way to prevent the attack from working. Clicking a booby-trapped link sent in a message, or opening an HTML email that renders the code, can cause the device to crash instantly.
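Because the page can arrive as a link or an HTML email, one coarse check a mail or web content filter could run is to flag markup that combines `backdrop-filter` with unusually deep element nesting. The sketch below is an added example, not code from Haddouche or from this article; the names `scan` and `NestingScanner`, the `MAX_DEPTH` threshold and the sample strings are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Elements that never take an end tag, so they must not add nesting depth.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Matches the property with or without the -webkit- prefix.
BACKDROP = re.compile(r"backdrop-filter\s*:", re.IGNORECASE)
MAX_DEPTH = 200  # assumed threshold; tune against your own legitimate content


class NestingScanner(HTMLParser):
    """Tracks element nesting depth and any use of backdrop-filter."""

    def __init__(self):
        super().__init__()
        self.depth = self.max_depth = 0
        self.uses_backdrop = False
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        self.depth += 1
        self.max_depth = max(self.max_depth, self.depth)
        self._in_style = tag == "style"
        if BACKDROP.search(dict(attrs).get("style") or ""):
            self.uses_backdrop = True

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        self._in_style = False
        self.depth = max(0, self.depth - 1)

    def handle_data(self, data):
        # The contents of a <style> block arrive here as raw text.
        if self._in_style and BACKDROP.search(data):
            self.uses_backdrop = True


def scan(html, max_depth=MAX_DEPTH):
    """Flag markup that combines backdrop-filter with very deep nesting."""
    s = NestingScanner()
    s.feed(html)
    s.close()
    return {"max_depth": s.max_depth, "uses_backdrop_filter": s.uses_backdrop,
            "suspicious": s.uses_backdrop and s.max_depth >= max_depth}


# Constructed samples, kept shallow on purpose; lower max_depth to exercise the flag.
BENIGN = '<html><body><div style="backdrop-filter: blur(2px)"><p>hi<br>there</p></div></body></html>'
NESTED = "<style>div{-webkit-backdrop-filter:blur(1px)}</style>" + "<div>" * 8 + "</div>" * 8
```

This is a heuristic: markup with unclosed tags inflates the measured depth, and CSS loaded from an external stylesheet is not seen.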

Haddouche contacted Apple on Friday about the attack, which is said to be under investigation. A spokesperson did not immediately respond to a request for comment.
