New CSS Attack Restarts an iPhone or Freezes a Mac


A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.

This new attack was discovered by Sabri Haddouche, a security researcher at Wire, who was able to devise a way to quickly use up an Apple device’s resources so that it crashes when visiting a web page.

“The attack uses a weakness in the -webkit-backdrop-filter CSS property,” Haddouche told BleepingComputer. “By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require Javascript to be enabled therefore it also works in Mail. On macOS, the UI freeze. On iOS, the device restart.”

This attack affects all browsers on iOS, as well as Safari and Mail in macOS, because they all use the WebKit rendering engine.

Read more…
Source: Bleeping Computer