Security researchers have revealed a bug in WebKit, which may cause a kernel panic on the iOS device and prompt reboot of the affected iPhone or iPad.
The code released by the investigator Sabri Haddouche will be published on Twitter on Saturday and the iOS device may crash on browsing TechCrunch. This flaw also affects macOS, but Safari will not freeze shortly after visiting the same site.
Although it is only 15 lines, this bug is effective to consume resources on iOS devices, all effective by misuse of CSS. Haddouche explained that this page nests numerous "div" tags in the CSS background filter property, runs out of the device's resources and starts a kernel panic. To avoid potential damage, the iOS device will be restarted.
"Everything rendering HTML on iOS is all affected," Haddouche says, including any application that uses WebKit, Apple 's rendering engine. This also applies to browsers other than Safari that use WebKit rather than another rendering engine, but this is also applicable to applications that have their own browser to display the content of links such as Twitter, HTML clients such as e-mail .
Code can crash an iOS device and can be used by others to crash by putting a message on someone's iPhone or iPad, but it is a vulnerable vulnerability in WebKit. Haddouche can not use code to execute attacks that may run malware or potentially steal user's data, but it is difficult for attacks to stop stopping once that line is loaded.
Haddouche makes it possible to view the code securely via GitHub, and it is open through active sites so that stakeholders can see how it works on their hardware. The investigator alleges that the company advised Apple about the problem on Friday and said the company was investigating the problem.