A security researcher has found a bug in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system on iPhones and iPads.
The bug can be triggered by loading an HTML page containing specially crafted CSS. The CSS is not complicated: it applies the effect known as backdrop-filter to a number of nested DIV elements.
backdrop-filter is a relatively new CSS property that applies graphical effects such as blurring or color shifting to the area behind an element. Rendering it is processing-intensive, and some software and web developers have speculated that rendering this effect on many nested elements takes a toll on the iOS graphics library and eventually crashes the mobile OS entirely.
Sabri Haddouche, a software engineer and security researcher at the encrypted instant messaging app Wire, discovered the bug and published proof-of-concept code on Twitter earlier today.
Haddouche published a link that crashes iOS devices together with the source code behind it, and also tweeted a video of the bug crashing his phone:
"The attack uses a weakness in the WebKit backdrop-filter CSS property, which uses 3D acceleration to process elements behind them," Haddouche told ZDNet in an interview.
"Using nested divs with that property, we can quickly consume all graphical resources and freeze or kernel panic the operating system."
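The pattern described above, deeply nested DIVs combined with a backdrop-filter declaration, is simple enough to screen for statically. As an added example (not code from the original article and not Haddouche's proof of concept), the following JavaScript is a coarse pre-load check that an app embedding a WebKit view could run over untrusted HTML before rendering it. The tokenizer, the depth threshold of 16, and the two sample pages are assumptions of this example, and a class-based rule in a style block is treated as applying to the whole document rather than resolved through a real CSS engine.

```javascript
// Added example, not part of the original article or the researcher's PoC.
// Coarse static screen for the nested-div + backdrop-filter pattern.
// Assumptions: a regex tokenizer is enough for a heuristic, only <div>
// nesting is measured, and any backdrop-filter declaration (inline style
// attribute or <style> block) counts as "filtered". Not a full HTML parser.

const BACKDROP_RE = /(?:-webkit-)?backdrop-filter\s*:/i;
const DIV_TAG_RE = /<\s*(\/?)\s*div\b[^>]*>/gi;
const STYLE_ATTR_RE = /\sstyle\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
const STYLE_BLOCK_RE = /<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi;

// Assumed threshold; tune for the content your app actually loads.
const MAX_FILTERED_DEPTH = 16;

// Deepest <div> nesting level in the document (closing tags pop the depth).
function maxDivDepth(html) {
  let depth = 0;
  let max = 0;
  let m;
  DIV_TAG_RE.lastIndex = 0;
  while ((m = DIV_TAG_RE.exec(html)) !== null) {
    if (m[1] === '/') {
      if (depth > 0) depth--;
    } else {
      depth++;
      if (depth > max) max = depth;
    }
  }
  return max;
}

// True if any inline style attribute or <style> block declares backdrop-filter.
function hasBackdropFilter(html) {
  for (const re of [STYLE_ATTR_RE, STYLE_BLOCK_RE]) {
    re.lastIndex = 0;
    let m;
    while ((m = re.exec(html)) !== null) {
      const css = m[1] !== undefined ? m[1] : m[2];
      if (BACKDROP_RE.test(css)) return true;
    }
  }
  return false;
}

// Combine both signals: only deep nesting *with* the filter is flagged.
function assessHtml(html, threshold = MAX_FILTERED_DEPTH) {
  const depth = maxDivDepth(html);
  const filtered = hasBackdropFilter(html);
  return { depth, filtered, suspicious: filtered && depth >= threshold };
}

// Constructed sample input (not the real PoC): n nested divs, optional inline style.
function nestedDivs(n, inlineStyle) {
  const open = inlineStyle ? `<div style="${inlineStyle}">` : '<div>';
  return open.repeat(n) + '</div>'.repeat(n);
}

// Constructed pages: one matching the pattern, one ordinary page using the property once.
const SUSPICIOUS_HTML =
  `<html><head><style>div { -webkit-backdrop-filter: blur(4px); }</style></head>` +
  `<body>${nestedDivs(40)}</body></html>`;
const BENIGN_HTML =
  `<html><body><div class="card"><div style="backdrop-filter: blur(2px)">hi</div></div></body></html>`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log('suspicious page:', assessHtml(SUSPICIOUS_HTML));
  console.log('benign page:', assessHtml(BENIGN_HTML));
}
```

This is a screen, not a fix: a page can reach the same effect with nesting the regex does not see (other elements, shadow DOM, DOM built by script after load), so the check belongs in front of a patched WebKit, not in place of one.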
Haddouche also says the bug affects macOS, not just iOS.
"With the current attack (CSS/HTML only), it will only freeze Safari for a moment and then slow it down," the researcher told ZDNet. "You will be able to close the tab afterwards."
The researcher says he notified Apple about the issue before publishing the code on Twitter.
"I contacted them using their product security email," Haddouche told ZDNet. "They confirmed that they got the issue and are investigating it."
As an iOS developer told ZDNet, the bug could be more widespread than it first appears. Apple requires every browser and HTML-rendering app distributed through the App Store to use its WebKit rendering engine, which means the problem is likely to crash any app that can load a web page, not only Safari.