Hacking

Researcher devised a new CSS & HTML attack that causes iPhone reboot or freezes Macs

The security researcher Sabri Haddouche from Wire devised a new CSS attack that causes iPhone reboot or freezes Macs.

The security researcher Sabri Haddouche from Wire devised a new attack method that saturates Apple device’s resources and causing it crashes or system restarts when visiting a web page. The experts discovered that iOS restart and macOS freezes when the user visits a web page that contains certain CSS & HTML.

Depending on the version of iOS being used, the bug could trigger the UI restart, cause a kernel panic and consequent device reboot.

This attack leverages a weakness in the -webkit-backdrop-filter CSS, for this reason, it affects all browsers on iOS that leverage on WebKit as rendering engine is WebKit. The weakness also affects Safari and Mail in macOS, but it doesn’t affect Linux and Windows systems.

“The attack exploits a weakness in the –webkit-backdrop-filter CSS property,” Haddouche explained to BleepingComputer. “By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require Javascript to be enabled therefore it also works in Mail. On macOS, the UI freeze. On iOS, the device restart.”

Haddouche successfully tested the attack on iOS 12 and caused the device to reboot, on iOS 11.4.1 it only caused a UI restart.

Haddouche explained that on macOS, the attack will only cause Mail and Safari to freeze for a second and then slow down the computer.

Haddouche also devised another attack that uses HTML, CSS, and JavaScript to completely freeze macOS systems. The researchers told Bleeping Computer that he has not disclosed it because it persists after reboot and macOS will relaunch Safari with the malicious page, causing the system entering in a look that freeze it again.

Lawrence Abrams from Bleeping Computer created a video showing what happens when a user visits the attack page created by Haddouche (sees the rawgit[.]com) and published on Github. Lawrence used an iPhone running iOS 11.4.1.

The bad news is that there is no mitigation for this attack.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – iPhone reboot, CSS attack)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities…

3 hours ago

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Kosovar citizen extradited to the US for running the cybercrime marketplace BlackDB.cc appeared in federal…

4 hours ago

U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows flaws to its Known Exploited…

15 hours ago

Ivanti fixed two EPMM flaws exploited in limited attacks

Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…

17 hours ago

Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days

Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including…

1 day ago

Fortinet fixed actively exploited FortiVoice zero-day<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice…

1 day ago