New CSS Attack Crashes iPhones and Freezes Mac Devices

Security researchers have discovered a new CSS attack that crashes iOS devices and freezes Mac devices.

The attack was discovered by Sabri Haddouche, a security researcher at Wire, who said that with 15 lines of code he was able to crash and restart any iOS device and freeze the Safari browser on Mac.

The researcher exploited a weakness in the -webkit-backdrop-filter CSS property. Nesting divs that carry this property quickly consumes all graphics resources and crashes or freezes the OS.

“The attack uses a weakness in the -webkit-backdrop-filter CSS property. By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require JavaScript to be enabled, therefore it also works in Mail. On macOS, the UI freezes. On iOS, the device restarts,” Haddouche told Bleeping Computer.

The attack affects all browsers on iOS devices; on Mac, it affects Mail and Safari. The weakness does not affect Windows and Linux systems.

The attack is triggered when the user visits a webpage containing certain CSS and HTML, which causes the device to use up all resources quickly. Depending on the iOS version, this causes either a kernel panic and device reboot or a UI restart.
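The pattern described above (elements carrying the backdrop-filter property nested inside one another) can be measured when screening inbound HTML such as mail bodies. The following is an added example, not code from the researcher's post: a heuristic that reports the deepest nesting of backdrop-filter elements. The function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class BackdropDepth(HTMLParser):   # tracks nesting of backdrop-filter elements
    def __init__(self, selectors=()):
        super().__init__()
        self.selectors = set(selectors)  # simple selectors only: div, .cls
        self.stack = []                  # (tag, has_filter) per open element
        self.max_depth = 0

    def _filtered(self, tag, attrs):
        a = dict(attrs)
        if PROP.search(a.get("style") or ""):
            return True                  # inline style sets the property
        names = {tag} | {"." + c for c in (a.get("class") or "").split()}
        return bool(names & self.selectors)

    def handle_starttag(self, tag, attrs):
        if tag in VOID:                  # void elements cannot contain others
            return
        self.stack.append((tag, self._filtered(tag, attrs)))
        self.max_depth = max(self.max_depth, sum(f for _, f in self.stack))

    def handle_endtag(self, tag):        # pop to the match, tolerate unclosed tags
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def style_selectors(html):               # selectors of rules setting the property
    css = " ".join(re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S))
    return {s.strip() for sel, body in RULE.findall(css)
            if PROP.search(body) for s in sel.split(",")}

def max_backdrop_nesting(html):
    parser = BackdropDepth(style_selectors(html))
    parser.feed(html)
    return parser.max_depth

# Constructed samples, not taken from the researcher's post.
STYLE = "<style>.g{-webkit-backdrop-filter:blur(2px)}</style>"
NESTED = STYLE + ("<div class='g'><div class='g'>"
                  "<div style='backdrop-filter: blur(1px)'>x</div></div></div>")
FLAT = STYLE + "<div class='g'>a</div><div class='g'>b</div>"
```

A gateway could strip the property or quarantine the message when the reported depth exceeds a locally chosen limit; the page gives no threshold, so any limit is a policy assumption. Compound selectors and external stylesheets are not resolved by this heuristic.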

The researcher tested the attack on iOS 12, where it caused a device reboot; on iOS 11.4.1 it caused only a UI restart.

On a Mac, visiting the web page will freeze or slow down the system.

The researcher also said that he has created another attack, using HTML, CSS, and JavaScript, that completely freezes macOS systems. “He has not released it as it persists after reboot and macOS will relaunch Safari with the malicious page as well, making the computer freeze again,” said the researcher via Bleeping Computer.

The researcher said he has notified Apple about the issue and, as of now, there is no way to prevent this attack.

For more details, see the post published by the researcher on GitHub.

