After a bug involving a Telegu character started crashing iPhones around the world recently, a security researcher seems to have found a new way to crash and restart any iPhone. This one requires a few lines of code and all iPhones and iPads are vulnerable to it while Mac users will see Safari crash if the code is run.
Web developer Sabri Haddouche explained in an interview with TechCrunch that the code has 15 lines and exploits "a weakness in iOS’ web rendering engine WebKit". Now, this WebKit is mandated by all apps and browsers used across all its products. This exploit is currently available on this GitHub page under the title 'Safari Reaper'. How appropriate.
When TechCrunch, tested this code on iOS 11.4.1, the iPhone did indeed restart after freezing for some time. As per the report, iOS 12 Beta also crashed after the code was executed. Tech2 also ran the code on an iPhone SE running on iOS 11.4.1 and it crashed and restarted.
How to force restart any iOS device with just CSS? 💣
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
Well the good thing here is that this seems to be Safari related bug only as trying to open the code in Telegram messaging app didn't do anything. There is no need to worry about data security since the code cannot be executed to malware as per the report.
However, if anyone sends you this link disguised as some other URL and you click it, your iPhone will restart. An annoying bug for sure but with no major consequences. The report states that Apple is looking into fixing the bug.
In other more related news, iOS 12 will be hitting devices globally today. To know more about it, click here.