The vulnerability affects the WebKit rendering engine used in Safari: applying a CSS effect, "backdrop-filter", demands enough heavy graphics processing to cause iOS to crash completely.
Software engineer and security researcher Sabri Haddouche, who works for encrypted messaging app Wire, discovered the vulnerability and shared videos of its effects on Twitter. Haddouche also discussed his findings with ZDNet:
"The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them," Haddouche told ZDNet in an interview. "By using nested divs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS."
Apple has been notified of the vulnerability, and Haddouche confirmed that the company is actively investigating the issue. The researcher also notes that the CSS code in its current form will freeze Safari on macOS "for a minute," and then slow it down, but the Mac won't crash. However, a modified version with JavaScript could end with the same outcome as the iOS version, crashing the Mac computer that it's on.
Haddouche didn't publish the modified macOS vulnerability because once the computer reboots, Safari persists and the browser is automatically launched again with the same result, resulting in a cycle of reboots. The researcher says that he discovered the vulnerabilities during research for denial-of-service bugs on different web browsers.
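A defensive check that a content filter or site review could run, as an added example that is not part of the original article: it measures how deeply elements carrying the backdrop-filter property are nested in a page. The function names, the class-selector heuristic, the constructed sample markup and the threshold of 8 are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Matches the property in an inline style or a rule body, with or without prefix.
PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
# Heuristic: simple ".class { ... }" rules anywhere in the document text.
RULE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}  # elements with no end tag

class BackdropDepth(HTMLParser):
    def __init__(self, filtered_classes):
        super().__init__()
        self.filtered_classes = filtered_classes
        self.stack = []      # (tag, has_filter) for every open element
        self.depth = 0       # open ancestors that carry the property
        self.max_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        classes = set((a.get("class") or "").split())
        hit = bool(PROP.search(a.get("style") or "")) or bool(classes & self.filtered_classes)
        self.stack.append((tag, hit))
        self.depth += hit
        self.max_depth = max(self.max_depth, self.depth)

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                self.depth -= sum(hit for _, hit in self.stack[i:])
                del self.stack[i:]
                break

def max_backdrop_nesting(html):
    classes = {m.group(1) for m in RULE.finditer(html) if PROP.search(m.group(2))}
    parser = BackdropDepth(classes)
    parser.feed(html)
    parser.close()
    return parser.max_depth

def is_suspicious(html, threshold=8):  # threshold is an assumed policy value
    return max_backdrop_nesting(html) >= threshold

# Constructed sample: an ordinary page with two levels of frosted-glass panels.
SAMPLE = """<style>.glass { -webkit-backdrop-filter: blur(4px); }</style>
<div class="glass"><img src="a.png">
  <div style="backdrop-filter: blur(2px)"><p>menu</p></div>
</div><div class="glass">footer</div>"""
```

The check only sees inline styles and simple class rules in the document text; styles applied from external stylesheets or by script need a rendered-DOM inspection instead.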