A new CSS-based web attack will crash and restart your iPhone

A new security exploit has been found that can crash and restart any iPhone with only a few lines of code. Security researcher Sabri Haddouche posted a 15-line proof-of-concept that, when visited, can crash and restart an iPhone or an iPad. On macOS, Safari only freezes.

The code takes advantage of a weakness in WebKit, Apple’s web rendering engine, which the company forces all apps and browsers to use. The security researcher told TechCrunch that nesting HTML tags inside a family property in CSS can use up all of the system’s resources, leading to a kernel panic. Eventually, the iOS device shuts down and restarts to prevent damage to the OS.

The researcher said anything that renders HTML on iOS can be affected, which means a link on Facebook or Twitter, a webpage or an email containing the code can crash and restart your iPhone.

Users reported that the exploit works and that devices running iOS 11.4.1 do crash and restart. For some users, the device may not restart; the UI may refresh instead.

The exploit, although annoying, cannot be used to run malicious code. Malware cannot take advantage of it to steal data from your iPhone. But there’s no way to prevent the attack either. A link containing the code will immediately send an iPhone crashing.

Apple is reportedly investigating the issue, according to TechCrunch.

