A security researcher has found a new way to crash and reboot any iPhone with just a few lines of code.
According to his Twitter profile Sabri Haddouche comes from Berlin. And there he released a rather explosive tweet on Saturday: he links to a website that forces every iOS device to its knees in seconds.
The security researcher had 15 lines of code to complete the attack, notes Tech Crunch . It exploited a vulnerability in the so-called web rendering engine WebKit of Apple\’s mobile operating system iOS . In other words, all iPhones and iPads are affected as soon as they call up the corresponding code, either in the browser or in an app.
This means that the users of iOS devices are vulnerable via Twitter, Facebook and any manipulated website. Or even if someone sends the CSS code by e-mail.
Where there are conflicting messages about which other browsers are affected besides Safari by Apple .
Reassuring: attackers can do no further damage. The attack is not suitable for smuggling malware onto a foreign device or for stealing data .
Haddouche told Tech Crunch that he had informed Apple about the vulnerability on Friday. This is already being investigated.
And probably soon closed by an update.
How to force restart any iOS device with just CSS? 💣
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) 15 September 2018
That’s how it works
The attack works with controls designed for HTML pages: CSS (Cascading Style Sheets) are responsible for the formatting and layout of web pages. Haddouche explained that by skilfully nesting CSS control codes, he could consume all the resources of the iOS device and cause a kernel panic that shuts down and restarts the operating system to prevent damage.
(dsc, via futurezone.at )