Whether you are a new or old user of Apple products, especially the iPhone, you have probably heard of some "code bug". Basically, these errors cause the device to crash, and possibly restart, upon receiving a code with specific characters or exploiting a flaw in the iOS rendering engine.
Last February, we commented on a similar bug that affected Messaging on both iPhones and Macs. Now the online security researcher Sabri Haddouche found a new way to lock and restart iPhone with just a few lines of CSS code.
– Sabri (@pwnsdx) September 15, 2018
How to force any iOS device to restart with CSS only? 💣
IF YOU WANT TO TRY (DON'T BLAME ME IF YOU CLICK): cdn.rawgit/pwnsdx/ce64de2
The bug affects any iOS device that can interpret graphic filtersis one of the W3C mechanisms for filter application. On iPhone / iPad / iPod touch, this feature was first introduced in iOS 7.
Essentially, when code is opened through Safari, it causes a read error that is applied to all div elements on the page. The constant read error eventually overwhelms the WebKit rendering system used by Safari, causing the popular kernel panic that was a system reboot to avoid hardware damage.
Haddouche shared the GitHub link for anyone who wants to view the bug's source code; just a few lines of HTML and CSS. If you want to test the bug (whatever the reason), you can access this link through Safari at your own risk, of course.
It has been confirmed that the bug affects Safari on iOS 11on the back Golden master (GM) of iOS 12 (the bug also influences Siri Shortcuts), in watchOS 4 and at GM's watchOS 5. At the macOS 10.13.6, the code may cause Safari to just freeze for a moment.
Also looks like watchOS 5 is susceptible. pic.twitter/Mam8uTyuye
– Robert Petersen (@ Sonikku_a2) September 15, 2018
It seems that watchOS 5 is also susceptible.
Although annoying, the good news is that this attack cannot be used to execute malicious code, such as stealing data from users. However, there is no easy way to prevent anyone from falling into it, as just touching a link sent by any application, message or HTML email that renders the code can instantly lock the device.
Haddouche told the TechCrunch who has already contacted Apple to report the bug, which it said was investigating the issue. Ma is likely to release a new software update as soon as it releases the final, public release of iOS 12, which will be released later this afternoon.