WebKit exploit can crash Macs and iOS devices

If only real online pranksters were like these guys!
Photo: Hackers, United Artists

A security researcher discovered a new Safari vulnerability capable of crashing your Apple device. The vulnerability exists in the WebKit engine used to render pages in Apple’s web browser.

The crash can be triggered by linking someone to a page containing a line of CSS code, according to Sabri Haddouche, the Berlin-based researcher who discovered the problem. The CSS invokes a processing-heavy effect known as backdrop-filter, which ultimately crashes the device and forces a restart.

It sounds like the vulnerability is more of a problem on macOS, although this requires a modified version of the exploit that includes JavaScript. In the macOS version, Safari will relaunch immediately after a forced reboot, which can trigger the crash a second (and third, and fourth…) time.

Apple is on the case

Fortunately, it sounds like Apple is on the case. Speaking with ZDNet, Haddouche said he informed Cupertino about the flaw.

“I contacted them using their security product email,” Haddouche said. “They confirmed they received the issue and are investigating it.”

Although Apple devices suffer fewer security flaws than others, researchers still manage to discover a steady stream of vulnerabilities. Often, these problems prove capable of overloading devices and causing them to crash. Most of the time, security researchers find the vulnerabilities and let Apple know to fix them. Occasionally, troublemakers identify the defects and attempt to use them maliciously.
