iPhones crashing when rendering specific text and opening links isn't anything new, however, the issue is a bit more severe if the problematic content in question isn't malicious in any other way and affects more than one class of devices. Recently, a CSS-based web attack has been discovered which crashes iPhones and causes web browsers such as Microsoft Edge, Internet Explorer, and Safari to crash when a webpage hosting the specific CSS code format is rendered.
Security researcher Sabri Haddouche has posted a proof-of-concept webpage that affects a myriad of software on various devices. The webpage in question contains only 15 lines of code and you can check out the webpage here at your own risk.
Haddouche's research mentions that the problem affects browsers utilizing Apple's web rendering engine WebKit, which has difficulty loading multiple elements in a backdrop filter property in CSS. Loading the webpage uses up all of the device's resources, which causes a device restart due to kernel panic.
A bit of sleuthing from Neowin has also revealed that the problem doesn't only affect WebKit browsers, but also results in temporary freezing on Microsoft Edge and Internet Explorer 11. The following error message can be seen on Microsoft Edge after a few seconds:
Interestingly, the problematic CSS code does not affect Google Chrome, which instantly loads the page without a hitch. Furthermore, it is important to note that the issue only leaves your device vulnerable to crashing or freezing, and does not result in the loss of sensitive data. We have reached out to Microsoft and Apple regarding the bug and will update if the companies respond.
Have you tested Haddouche's webpage in any other browser? If so, does it also crash? Let us know in the comments section below!
22 Comments - Add comment