A newly discovered attach will cause a Mac to freeze and an iPhone to restart if the device visits a webpage with specific CSS & HTML. This bug doesn’t affect Windows and Linux users so it’s something that iOS and macOS users only have to keep an eye out for. It was discovered by Sabri Haddouche who is a security researcher at encrypted messaging app developer Wire.
“The attack uses a weakness in the -webkit-backdrop-filter CSS property,” Haddouche explained to BleepingComputer, adding that it can be leveraged to consume all graphics resources to crash or freeze the operating system. The attack doesn’t require users to have JavaScript enabled so it also works in Mail.
The attack can be executed through Safari and Mail in macOS and all browsers on iOS as they use the same WebKit rendering engine. Apple’s App Store rules don’t allow developers to bring their own rendering engine which is why all iOS browsers are susceptible to this attack.
The effect on the iOS device depends on the version being used. It could cause a respring which is a reboot of the user interface or a complete reboot. Haddouche’s tests show a restart on iOS 12 and a respring on iOS 11.4.1. On macOS, Safari or Maril will only freeze for a second and then slow the Mac down.
Until Apple deploys a fix for the issue, there’s really no way to protect yourself against this except being very careful with unknown webpages and emails.
Filed in iOS, macOS and Social Hit.
. Read more about