Security researcher Sabri Haddouche recently uncovered a new vulnerability in iOS that can crash a device when the user clicks a link. The Safari Ripper vulnerability affects the WebKit engine on iOS as well as macOS.
Safari Ripper can rip your iPhone apart in an instant
CSS is a core web technology that determines the look and style of almost every website. This new vulnerability involves the backdrop-filter effect, a fairly new CSS property.
To crash an iPhone, ethical hacker Sabri Haddouche added a few lines of CSS to a webpage that apply a blur effect to all existing div elements.
As a result, the WebKit renderer gets overloaded because the backdrop-filter effect is quite heavy to process, forcing the device to restart.
macOS is also vulnerable to this attack, but there it only affects a single browser tab. The rest of the system continues to function as it is supposed to.
— Sabri (@pwnsdx) September 15, 2018
Thankfully, this attack is only capable of “panicking” the device. Once your iPhone or iPad restarts, you can start using it again normally.
This severely reduces the possibility of it being utilized for sinister purposes such as data theft.
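As an added example (not code from the researcher or from Apple), here is a heuristic check that a link scanner or mail gateway could run on fetched HTML to flag pages that apply the backdrop-filter blur to an unusually large number of div elements. The threshold, function names and sample pages are assumptions constructed for illustration.

```javascript
// Added example: flag pages where a backdrop-filter rule hits many <div>s.
// Threshold is an assumption; tune it against your own benign traffic.
const MAX_FILTERED_DIVS = 500;

// True if a CSS declaration block sets backdrop-filter (plain or -webkit-)
// to anything other than "none".
function setsBackdropFilter(decls) {
  return /(^|[;\s])(-webkit-)?backdrop-filter\s*:(?!\s*none\b)/i.test(decls);
}

// Selectors of <style> rules that apply backdrop-filter.
function filterSelectors(html) {
  const selectors = [];
  for (const sheet of html.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style>/gi)) {
    for (const rule of sheet[1].matchAll(/([^{}]+)\{([^{}]*)\}/g)) {
      if (setsBackdropFilter(rule[2])) {
        selectors.push(...rule[1].split(',').map(s => s.trim().toLowerCase()));
      }
    }
  }
  return selectors;
}

// Count the <div> elements the filter applies to, via a broad stylesheet
// selector (div or *) or via an inline style attribute.
function assessPage(html) {
  const broad = filterSelectors(html).some(s => s === 'div' || s === '*');
  let total = 0, inline = 0;
  for (const tag of html.matchAll(/<div\b([^>]*)>/gi)) {
    total++;
    const attr = /\bstyle\s*=\s*("([^"]*)"|'([^']*)')/i.exec(tag[1]);
    if (attr && setsBackdropFilter(attr[2] ?? attr[3])) inline++;
  }
  const filteredDivs = broad ? total : inline;
  return { filteredDivs, suspicious: filteredDivs > MAX_FILTERED_DIVS };
}

// Constructed sample pages (not taken from the original proof of concept).
const blurRule = '<style>div { -webkit-backdrop-filter: blur(10px); ' +
  'backdrop-filter: blur(10px); }</style>';
const flagged = blurRule + '<div></div>'.repeat(600);
const benign = blurRule + '<div>menu</div><div>content</div>';
const unfiltered = '<style>div { color: red; }</style>' + '<div></div>'.repeat(600);

for (const [name, page] of Object.entries({ flagged, benign, unfiltered })) {
  console.log(name, assessPage(page));
}
```

The check is regex-based and only sees inline stylesheets, so it is a triage signal rather than a full CSS evaluation.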
Affected Operating Systems
Safari Ripper works on the latest version of iOS 12, that is, the Gold Master build, as well as on all iterations of iOS 11.
Surprisingly, firmware versions as old as iOS 10 and 9 are also vulnerable to this attack.
According to Haddouche, it is possible to crash macOS by modifying the code. However, the hacker deliberately withheld the code that works on macOS as it could possibly be used to crash Mac systems.
Some users have also reported that it works just as effectively on Windows (Internet Explorer).
The security researcher informed Apple before he published the Safari Ripper WebKit exploit. Hopefully, Apple will release an update within a few weeks that will patch the vulnerability on all affected operating systems.
It’s a great chaiOS alternative and here’s how you can test this attack on others’ devices (for research purposes only).
How to crash others’ devices using Safari Ripper
- Open WhatsApp or any other messaging app.
- Copy this link and message it to the target along with an enticing message.
- Wait for the user to open the link.