Security News This web code snippet causes Kernal Panic on iOS 11 and 12

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Links that cause iPhones and iPads to crash or reboot have become a bit of a trend in recent years. The latest was released by security researcher @pwnsdx over Twitter. What’s interesting about this one in particular is it relies on a simple snippet of HTML and CSS and causes a full device kernel panic, beyond just a simple Springboard crash.
The bug affects any iOS device that can interpret the background-filter effect, something which was first introduced in iOS 7. Essentially, the few lines of CSS apply a computed blur effect to every div element on the page. The accompanying HTML includes a lot of div elements.

The computationally-expensive drawing overloads the WebKit renderer and the system cannot recover other than to kernel panic, crash to the Apple logo, and reboot.

Apple and the WebKit groups will no doubt roll out a fix in the coming weeks that will make its way into a future iOS update.

Warning: 9to5Mac has confirmed it does work on iOS 11 and iOS 12, so you don’t have to. It can also cause some desktop web browsers to freeze up.

You can see the source code of the bug here; it’s only a few lines of HTML and CSS. You can open the ‘safari-ripper.html’ link on that page if you want to try it out yourself — but the usual disclaimers and warnings apply.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top