WebKit flaw crashes iPhones when malicious page opened in browsers, HTML-rendering apps
A security researcher has disclosed a bug in WebKit that can cause a kernel panic on an iOS device, prompting a restart of an affected iPhone or iPad, by exploiting a vulnerability in the rendering engine using just 15 lines of code in a webpage.
Posted to Twitter on Saturday, the code released by researcher Sabri Haddouche is capable of causing an iOS device to crash upon viewing, reports TechCrunch. The flaw also affects macOS, but to a lesser degree, with Safari freezing shortly after visiting the same site.
While only 15 lines long, the code is effective at consuming resources on iOS devices, all by abusing CSS. Haddouche explained the page nested a large number of "div" tags within a backdrop filter property in CSS, which in turn exhausts a device's resources and triggers a kernel panic. The iOS device then reboots to avoid any potential damage.
"Anything that renders HTML on iOS is affected," according to Haddouche, which includes any app that uses WebKit, Apple's rendering engine of choice. While this extends to browsers other than Safari, which are forced to use WebKit instead of another rendering engine, it also applies to apps that have their own browser to view the contents of links, including Twitter, and any that render HTML, such as email clients.
While the code can crash an iOS device, and it could be used by others to cause someone's iPhone or iPad to crash by including the lines in a message, it is a mostly benign vulnerability in WebKit. Haddouche notes the code cannot be used to execute malware or to perform attacks that could steal a user's data, but it is difficult to stop the attack from happening once those lines are loaded.
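Because the crash is hard to stop once the page has loaded, one place to catch it is before the HTML reaches a WebKit view. The following Python scanner is an added example, not code from the article or from Haddouche: it flags HTML that combines the CSS backdrop-filter property with unusually deep "div" nesting, the pattern described above. The name scan_html and the depth threshold of 64 are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed threshold for this example; tune it against your own benign corpus.
MAX_DIV_DEPTH = 64
# Also matches the vendor-prefixed form, -webkit-backdrop-filter.
BACKDROP_RE = re.compile(r"backdrop-filter\s*:", re.IGNORECASE)


class _Scanner(HTMLParser):
    """Tracks the deepest <div> nesting and collects all CSS text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0
        self.max_depth = 0
        self.in_style = False
        self.css = []

    def handle_starttag(self, tag, attrs):
        if tag == "div":
            self.depth += 1
            self.max_depth = max(self.max_depth, self.depth)
        elif tag == "style":
            self.in_style = True
        # Inline style attributes can carry the property as well.
        for name, value in attrs:
            if name == "style" and value:
                self.css.append(value)

    def handle_endtag(self, tag):
        if tag == "div" and self.depth:
            self.depth -= 1
        elif tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)


def scan_html(html):
    """Return (suspicious, max_div_depth, uses_backdrop_filter)."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    uses = any(BACKDROP_RE.search(chunk) for chunk in scanner.css)
    # Either signal alone is common in benign pages; flag only the combination.
    return (uses and scanner.max_depth > MAX_DIV_DEPTH, scanner.max_depth, uses)
```

This is a heuristic: it does not see styles pulled in from external stylesheets or markup generated by script, so it suits static HTML such as email bodies and link previews.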
Haddouche has released the code via GitHub in a safe-to-view fashion, as well as through an active site so interested parties can see how it works on their own hardware. The researcher claims he advised Apple about the issue on Friday, with the company said to be investigating the matter.