A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage.
Sabri Haddouche tweeted a link to webpage containing his 15-line proof-of-concept attack, which exploits a vulnerability in the WebKit web rendering engine used by Apple’s Safari browser.
Haddouche, who for a day job works as part of Wire’s security team, demonstrated that the Safari browser could be easily overloaded by applying a CSS background-filter property to over nested 3,000 <div> tags.
As the WebKit’s rendering engine consumes resources, iOS eventually freezes and devices can crash and restart.
Leave a reply