Sabri Haddouche, a developer and cyber security specialist discovered a bug that crashes any iOS device.
The bug is a simple HTML page, when opened in any browser like Safari or IE, causes them to hang and then restart the device.
This bug consists of a 2 line of a CSS and some number of HTML rendering tags like DIV tag. So when this page created in HTML is given the CSS property of backdrop-filter: blur(10px);
it causes the browser to crash.
How to force restart any iOS device with just CSS? 💣
Source: https://t.co/Ib6dBDUOhn
IF YOU WANT TO TRY (DON’T BLAME ME IF YOU CLICK) : https://t.co/4Ql8uDYvY3
— Sabri (@pwnsdx) September 15, 2018
For demo purpose Haddouche, wrote a block of code, which contains the background-image on which he has applied the backdrop-filter
and set its height and width to cover the complete page. Then he repeated this DIV tag multiple times so to create a log on the browser which when reaches a threshold crashes the browser or in some cases also hangs the device and leads to auto-restart.
So, if someone sends you a mail with this plain HTML, it crash your system.
Original Git: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Websites with corrupt code:
- https://cdn.rawgit.com/pwnsdx/ce64de2760996a6c432f06d612e33aea/raw/fb78440ee4bce427f0cde98a4e9feadfd9eed198/safari-reaper.html
- //cssis.life
- https://cdn.rawgit.com/186c0/Respring/master/safari-reaper.html
- //www.zhangshuzheng.cn/wao.html
Browser’s affected:
- EDGE (after loading it multiple times),
- iOS 10.3, iOS 9.2.1
- Windows 7 by IE 11.0.9600.19130
- Crashes iMac running latest MacOS Mojave as well as MacBooks running Sierra
- Some websites having the modified version of this code are also reported to crash Firefox on Ubuntu machines
If you really get stuck, the best option is to restart your device and put it on flight mode or disconnected from Internet and then open the browser which crashed your website and remove it from the URL or close your saved Tab.