Watch out for the crashing bugs! A security researcher named Sabri Haddouche discovered a “bug” which is known to be a vulnerability in Apple iPhones iOS operating systems that will immediately crash and shutdown an iPhone once a website link has been clicked. The researcher only had to create a few lines of code in HTML to exploit the vulnerability. The vulnerability is a weakness found in Apple’s web rendering engine named WebKit. All Apple apps and web browser’s run on this system platform. The Webkit vulnerability allowed it to fail by its inability to properly load multiple elements such as "div" tags inside a backdrop filter property in CSS. Haddouche created a proof-of-concept (P-o-C) and has posted it to his GitHub Page. The PoC He created is a web page that uses up all of the Apple mobile device's resources, when an apple device’s browser visits that webpage it causes the mobile device to first shut down and then restart based on having the kernel only panic. Unfortunately, all web browsers on Apple mobile devices, including Microsoft Edge, Internet Explorer, and Safari on iOS, as well as Safari and Mail in macOS, are found to be vulnerable to this type of CSS-based web attack. The crashing bug vulnerability issue within the WebKit has been reported to Apple and Apple is now investigating the issue to distribute a patch. Researchers at Redport Information Assurance, LLC advises to be careful when visiting unknown websites using Apple mobile devices browsers.

By Dr. Randall Sylvertooth


Source:
https://thehackernews.com/2018/09/iphone-crash-exploit.html
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA