Surfaces on the iOS Web that can block and restart your iPhone, iPad



[ad_1]

While Apple is busy with last minute preparations for iOS 12, a security researcher has introduced a concept validation web page that uses CSS to instantly crash and restart your iPhone or iPad as you go. iOS. The same CSS-based hack would also have frozen a Safari window once you access it on a Mac. The 15-line Web code snippet that highlights the flaw of Apple's operating system tries to use all the resources available on your iOS device. This causes a kernel panic on the hardware and eventually causes a sudden reboot. In July, former NSA security researcher Patrick Wardle detected a bug that made iOS devices crash by tapping Taiwan into iMessage, Facebook, WhatsApp, or other apps, after receiving the Taiwanese emoji flag. The code pushing denial of service bug was found in iOS 11.3, but Apple released a fix with the iOS 11.4.1 update at a later stage.

Security researcher Sabri Haddouche Saturday tweeted the URL containing the proof of concept webpage that blocks iOS devices. Haddouche has also posted the source code of the web page on GitHub to detail the failure to restart the force. While we were able to replicate the defect and force the reboot of an iPhone 7 based on the latest iOS 11.4.1 and an iPhone 7 Plus based on the latest version of iOS 12 beta, the security researcher says that it affects all devices running iOS 9.0 and above.

The web page is said to be using all available resources to cause kernel panic on the system, causing the smartphone to turn off and on to prevent damage to the electronics. The code, based on HTML and CSS, contains many tags. CSS lines tell the browser to apply a blur effect to each element of the page, overloading the WebKit rendering engine. This means you'll get similar results whether you're using Safari or Firefox on your iPhone or iPad.

Unlike some earlier iOS hacks that caused crashes via iMessage or other email applications, the latter case causes the sudden reboot once you visit the specific web page. This makes it less impacting. In addition, it should be noted that the hack does not involve any data loss – it only sinks the system by imposing a heavy load on it. As it is only 15 lines of code, it can be planted in seemingly innocent websites or sent via SMS.

Nevertheless, Haddouche said that "everything that makes HTML on iOS is affected" by the flaw, cited by TechCrunch. This means that the link to the hack can be found on all social media applications such as Facebook and Twitter or can be given via an email or a WhatsApp message. Once you tap this link, your device freezes for one second and then restarts.

TechCrunch reports that Haddouche has already hinted at Apple's hacking. It is however unclear whether the Cupertino giant will be able to fix the flaw of the next update of iOS 12 or a new version of iOS in 12 points. In the meantime, it is recommended to avoid touching unknown links on your iOS devices.

<! –

->

[ad_2]
Source link