Security Researcher Discovers Snippet of CSS Code That Forces iOS to Reboot, Apple Investigating

by

A new iOS vulnerability was discovered by a security researcher over the weekend, causing affected iPhones and iPads to crash and restart when following a link to an HTML page hosting specially crafted CSS code.

The vulnerability hits the WebKit rendering engine used in Safari by applying a CSS effect -- "backdrop-filter" -- that requires enough heavy graphics processing to cause iOS to crash completely.

Software engineer and security researcher Sabri Haddouche, who works for encrypted messaging app Wire, discovered the vulnerability and shared videos of its effects on Twitter. Haddouche also discussed his findings with ZDNet:

"The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them," Haddouche told ZDNet in an interview.

"By using nested divs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS."

Apple has been notified of the vulnerability, and Haddouche confirmed that the company is actively investigating the issue. The researcher also notes that the CSS code in its current form will freeze Safari on macOS "for a minute," and then slow it down, but the Mac won't crash. However, a modified version with Javascript could end with the same outcome as the iOS version, crashing the Mac computer that it's on.

Haddouche didn't publish the modified macOS vulnerability because once the computer reboots, Safari persists and the browser is automatically launched again with the same result, resulting in a cycle of reboots. The researcher says that he discovered the vulnerabilities during research for denial of service bugs on different web browsers.

Top Rated Comments

(View all)
Avatar
23 months ago

Unfortunately, he gives enough details for people to try exploiting the bug themselves.

It needs to be done. That’s how you keep big companies from brushing things under the carpet.
There are plenty of exploits Apple and others have ignored and continue to ignore. A consumer backlash is what keeps them in check.
Score: 10 Votes (Like | Disagree)
Avatar
23 months ago

Backdrop-filter is a CSS property that allows you to create for example the background blur effect you know from iOS / macOS. You know, there is a window and the windows behind that window are blurred. It uses a lot of GPU. If you create a lot of elements with this property, Safari starts freezing. But it's not security bug. If your website causes this kind of problem, people won't be visiting it and you are the only one who has some kind of "damage" because of that. I think you can freeze browser using JavaScript, if you run a badly written function. But why would you do that?

Because, a crash is the starting point of an exploit. If you can get it to run some arbitrary code right at or after the point of crash, maybe you can make the system do something it normally wouldn’t, or shouldn’t do.
Score: 5 Votes (Like | Disagree)
Avatar
23 months ago

It needs to be done. That’s how you keep big companies from brushing things under the carpet.
There are plenty of exploits Apple and others have ignored and continue to ignore. A consumer backlash is what keeps them in check.

Actually, this is highly improper. Generally-speaking, you inform companies a good bit prior to going live with the info, so that they have time to patch it first. If you care about those affected by this, it's the only right thing to do. This obviously hasn't been patched yet, so now millions out there are vulnerable, and anyone with enough experience can exploit it.
Score: 3 Votes (Like | Disagree)
Avatar
23 months ago

Actually, this is highly improper. Generally-speaking, you inform companies a good bit prior to going live with the info, so that they have time to patch it first. If you care about those affected by this, it's the only right thing to do. This obviously hasn't been patched yet, so now millions out there are vulnerable, and anyone with enough experience can exploit it.

This is more a nuisance bug, like the Telugu character. It's not a security bug. What exactly are millions vulnerable to, annoyance?
Score: 2 Votes (Like | Disagree)
Avatar
23 months ago
Unfortunately, he gives enough details for people to try exploiting the bug themselves.
Score: 2 Votes (Like | Disagree)
Avatar
23 months ago

Because, a crash is the starting point of an exploit. If you can get it to run some arbitrary code right at or after the point of crash, maybe you can make the system do something it normally wouldn’t, or shouldn’t do.

No its not. "Getting it to run some arbitrary code", is the starting point of an exploit. in fact the crash would stop any kind of exploit because the system is down, as in can't run anymore code.
Score: 2 Votes (Like | Disagree)

Top Stories

Apple's First MacBook Pro With a Retina Display Will Become 'Obsolete' in 30 Days

Monday June 1, 2020 7:50 am PDT by
If you are still hanging on to a Mid 2012 model of the 15-inch MacBook Pro with a Retina display, and require a new battery or other repairs, be sure to book an appointment with a service provider as soon as possible. In an internal memo today, obtained by MacRumors, Apple has indicated that this particular MacBook Pro model will be marked as "obsolete" worldwide on June 30, 2020, just over...

Five Mac Apps Worth Checking Out - June 2020

Tuesday June 2, 2020 2:25 pm PDT by
Apps developed for the Mac often don't receive as much coverage as apps designed for iPhones and iPads, so we have a series at MacRumors that highlights interesting Mac apps that are worth taking a look at. This month's apps are designed to make working from home a little bit easier. Subscribe to the MacRumors YouTube channel for more videos. Meeter (Free) - Working from home often...

Apple Music Joins Music Industry's Blackout Tuesday Awareness Campaign

Tuesday June 2, 2020 1:31 am PDT by
Apple Music has cancelled its Beats 1 radio schedule for Blackout Tuesday and is suggesting that listeners tune in to a radio stream celebrating the best in black music. Blackout Tuesday is a campaign organized by the music industry to support Black Lives Matter after Minneapolis citizen George Floyd was killed by police in the course of his arrest. On launching Apple Music, many users...

Next Apple Pencil Could Be Released in Black

Tuesday June 2, 2020 10:25 am PDT by
The next iteration of the Apple Pencil could be available in black for the first time, according to leaker Mr. White who shared the tidbit on Twitter this morning. A mockup of an Apple Pencil in black We haven't heard rumors of a next-generation Apple Pencil and it's not clear when a new model might be released. Apple is rumored to be working on mini-LED versions of the iPad Pro, and it's...

iPad Pro With A14X Chip, 5G, and Mini-LED Display Expected in First Half of 2021

Wednesday June 3, 2020 6:22 am PDT by
Apple plans to launch new iPad Pro models with an A14X chip, 5G connectivity, and a Mini-LED display in the first or second quarter of 2021, according to the increasingly reliable Twitter account L0vetodream. The leaker claims that the new iPad Pro models will be equipped with Qualcomm's Snapdragon X55 modem, which supports both mmWave and sub-6GHz. mmWave is a set of 5G frequencies that...

Apple Releases macOS Catalina 10.15.5 Supplemental Update With Security Fix

Monday June 1, 2020 10:56 am PDT by
Apple today released a supplemental update for macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. The supplemental update comes a week after the release of the macOS Catalina 10.15.5 update. ‌macOS Catalina‌ 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the System...

Tim Cook Addresses George Floyd's Death and Ensuing Protests and Riots as Apple Temporarily Closes Some U.S. Stores

Sunday May 31, 2020 8:04 pm PDT by
Amid unrest in numerous U.S. cities following last week's killing of George Floyd by police in Minneapolis, Apple CEO Tim Cook has shared an internal memo with employees (via Bloomberg) addressing the pain that many are feeling and urging others to commit "to creating a better, more just world for everyone." Cook also announced that Apple is making donations to several groups challenging...

iCloud Down for Many Users, Causing 'The Application You Have Selected Does Not Exist' Error [Update: Fixed]

Tuesday June 2, 2020 4:44 pm PDT by
iCloud appears to be down for many people at the current time, based on complaints from MacRumors readers and Twitter users. Apple's system status page was not initially displaying an error when the problems started, but has been updated to confirm an issue with iCloud account sign ins. The support site says that some users may be unable to sign in to their iCloud accounts and may also be...

iOS 14 Again Said to Be Compatible With All iPhones Able to Run iOS 13

Monday June 1, 2020 2:08 pm PDT by
iOS 14 will be compatible with all iPhones and iPod touch models able to run iOS 13, according to information shared today by Israeli site The Verifier. The compatibility data was allegedly found in a leaked version of iOS 14 and confirmed by what The Verifier says is a "trusted source from the system development process." iOS 13 is compatible with the iPhone 6s and later, with a full...

iPhone 13 Prototype Mockup Depicts Notch-Free Design and USB-C Port

Thursday June 4, 2020 10:07 am PDT by
We still have a few months to go before Apple unveils the iPhone 12, but rumors about the iPhone 13, coming in fall 2021, are already circulating. Japanese site Mac Otakara today shared a rough 3D printed mockup of a 5.5-inch iPhone said to be coming in 2021, which is from "Alibaba sources." The model may be built on leaked specifications and rumors, but where the info comes from is unclear. ...