Developer Demos Web Code That Can Cause iOS 7+ Devices To Reboot
The thought of something simple like a link or an iMessage being able to take down an iPhone or an iPad used to be something that we would scoff at, but as the years have rolled on, it’s happened time and time again.
Apple tends to fix these things pretty quickly, but there’s a new issue for its teams to work on after a security researcher going by the name @pwnsdx on Twitter shared information that can cause a kernel panic on iOS devices.
The issue, which appears to have first been introduced in iOS 7 but continues to be prevalent in iOS 12, means that a few lines of code that apply a blur effect to some elements on the page can overload WebKit, the rendering engine that iOS uses and is obviously heavily utilized by Safari and other parts of iOS. When WebKit becomes overloaded, the system as a whole crashes, causing the device to restart completely.
The researcher has already shared a snippet of code that can cause this, with just a few lines of HTML and CSS capable of taking an entire mobile device down. We’ve seen similar bugs like this in the past, but while they have been able to spread via something like iMessage and associated notifications in the past, this particular issue needs a user to visit a website in order to be impacted. It’s possible the HTML and CSS could be sent to a user via email, causing the same crash, but it cannot then spread like wildfire.
We’d expect Apple to release a patch for this issue in the coming weeks, perhaps as part of iOS 12.0.1 or iOS 12.1.