Malicious Video Link Causes iOS Devices to Freeze, Requiring a Hard Reset

A malicious video link that when played in Safari causes iOS devices to crash has been discovered this morning.

Playing the MP4 video in question through Safari appears to have no effect at first, but gradually the operating system slows down before it freezes completely, after which only a hard reset will bring the device back to life. YouTube channel EverythingApplePro has posted a demonstration (i.e. not the original video) showing the exploit in action.

iOS safari video crash
The bug appears to affect iOS builds as far back as iOS 5, while iPhones running iOS 10.2 beta 3 are said to power off and show the spinning wheel indefinitely.

If you fall victim to the prank, you'll need to hard reboot to get your device working again. According to a Reddit post by user Riddle, currently the top level domains hosting the video appear to be vk.com and testtrial.site90.net, but bear in mind that the video could be hosted on other sites quite easily and that URL shorteners can mask the actual address you're being linked to.

This kind of prank isn't new. Three years ago, a text exploit made the rounds that caused both Mac and iOS devices to crash.

(Via 9to5Mac.)

Top Rated Comments

(View all)
Avatar
39 months ago

On my iPad 2 running iOS 10 this seems to be a feature. Not a problem...

You must have a pretty cool iPad2 if it's running ios10 as my iPad3 stopped being capable of upgrade at ios9!!
Rating: 11 Votes
Avatar
39 months ago

soo many bad news for apple..


It's just a software bug and it'll be patched accordingly. Nothing new either.

The bug appears to affect iOS builds as far back as iOS 5

Rating: 5 Votes
Avatar
39 months ago

Why is this vulnerability called a prank? Sounds like a remote execution bug like Stage fright on Android.


Where do you see remote execution of code
Rating: 5 Votes
Avatar
39 months ago

Doesn't "hard reset" mean erase the device to factory settings? I think this just requires a "hard restart".

The terminology has been essentially corrupted through misuse by more and more over period of time. Kind of like "literally" has even been adjusted to mean the opposite of itself as well for similar reasons.
Rating: 4 Votes
Avatar
39 months ago

Why is this vulnerability called a prank? Sounds like a remote execution bug like Stage fright on Android.

probably because it isn't remote execution at this stage if it only can crash a device
Rating: 4 Votes
Avatar
39 months ago
On my iPad 2 running iOS 10 this seems to be a feature. Not a problem...
Rating: 3 Votes
Avatar
39 months ago
soo many bad news for apple..
Rating: 2 Votes
Avatar
39 months ago
Doesn't "hard reset" mean erase the device to factory settings? I think this just requires a "hard restart".
Rating: 2 Votes
Avatar
39 months ago
Why is this vulnerability called a prank? Sounds like a remote execution bug like Stage fright on Android.
Rating: 1 Votes
Avatar
39 months ago
Too bad this is not a jailbreak worthy exploit but probaly just pumps the device full of useless code so it freezes.
Rating: 1 Votes
[ Read All Comments ]