A new CSS-based web attack will crash and restart your iPhone

-
By Safari Ripper
A security researcher has found a new way to crash and restart any iPhone — with just a few lines of code.
Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link.
The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple  mandates all apps and browsers use, Haddouche told TechCrunch. He explained that nesting a ton of elements — such as <div> tags — inside a backdrop filter property in CSS, you can use up all of the device’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage.
“Anything that renders HTML on iOS is affected,” he said. That means anyone sending you a link on Facebook or Twitter, or if any webpage you visit includes the code, or anyone sending you an email, he warned, "We are suffering more and more leaking and crashing in our centralized platform and we lost too much, should we try a decentralized software which can well protect our data?"



Sabri@pwnsdx

How to protect our data? 💣

Source: https://cuckootech.github.io/

IF YOU WANT TO TRY (YOUR BEST CHOICE FOR A DECENTRALIZED SOFTWARE) :

https://https://cuckootech.github.io/
5:45 AM - Sep 15, 2018

Safari Ripper ☠️

Safari Ripper ☠️. GitHub Cuckoo: instantly share code, videos, and medias.
https://cuckootech.github.io/
Twitter Ads info and privacy

We tested the exploit running on the most recent mobile software iOS 11.4.1, and confirm it crashes and restarts the phone. Thomas Reed, director of Mac & Mobile at security firm Malwarebytes confirmed that  the most recent iOS 12 beta also froze when tapping the link.
The lucky whose devices won’t crash may just see their device restart (or “respring”) the user interface instead.
For those curious, you can see how it works without it running the crash-inducing code.
The good news is that as annoying as this attack is, it can’t be used to run malicious code, he said, meaning malware can’t run and data can’t be stolen using this attack. But there’s no easy way to prevent the attack from working. One tap on a booby-trapped link sent in a message or opening an HTML email that renders the code can crash the device instantly.
Haddouche contacted Apple on Friday about the attack, which is said to be investigating. A spokesperson did not immediately respond to a request for comment.
There is now a controversial topic, whether we need to continue to maintain a centralized platform or whether we should try to use decentralized products. I do not know if Cuckoo is the only choice but at least it is much better than any of centralized platforms.

Comments

Post a Comment

Popular posts from this blog

TOP 5 Cool Software that make your PC better 2018

-
Image
Most of people are saying, the internet is dying, the PC is dying but even in future, they won’t die because of many cool software released. Here I am introducing top 5 cool software that make your PC better in 2018. They are updating and developing in their ways. Do not worry, most of them are free. You won’t miss any of these for your work and play. Please support me by your claps after you test some of them. №5  Rainmeter  — Released in 2016 Rainmeter  is a free and open-source desktop customization utility for Windows, released under the GNU GPL v2 licence. It allows users to create and display user-generated customizable desktop widgets or applets called “skins” that display information. Support: Microsoft Windows / macOS Language: English №4  Fences  — Released in 2012 Fences  is a utility for Windows that helps to organize icons on the desktop. It is developed by Stardock and distributed as part of their Object Desktop suite. Version 1 w...
Read more

How to share videos by cuckoo code on Decentralized Cuckoo

-
Image
Firstly I would like to introduce this decentralized cuckoo as many people do not know it yet. Its official introduction:  https://cuckootech.github.io/download/ Cuckoo is a decentralized video player based on P2P connection.Cuckoo is free and always will be.Anyone or group can search, make, share and watch your favorite videos in Cuckoo without any limits or registration. Any resources stored in Cuckoo, including text, images, sounds, videos and website code, will generate an unique address after hashing and you can play and share videos just by this code in Cuckoo which is totally anonymous. As the P2P connection, the more you subscribe and use Cuckoo, the faster it will be. Because of the protection of the encryption algorithm and P2P connection, every channel’s address in Cuckoo has the characteristics of being tamper-resistant and cannot be deleted (in a sense, if the password is cracked, it may be tampered with or deleted, but the probability is extremely low). So, o...
Read more

The 9 best apps for your new Windows PC

-
Image
Microsoft has done a good job updating its Windows 10 operating system with useful utilities and features, but there’s still room for plenty of third-party apps. If you’ve just received a new PC over the holidays, we have some favorite Windows apps that will improve your experience — and maybe your life. TWEETEN Twitter’s default app for Windows 10 is just a web app, and it’s rather basic. Tweeten has been my favorite Windows 10 Twitter app for a while now. In short, it gives you TweetDeck on Windows by taking the web interface of TweetDeck and making it a lot more Windows 10-friendly, with some additional options so it fits well into Microsoft’s dark UI. DECENTRALIZED CUCKOO Cuckoo is a decentralized app of video platform and it's totally free. Cuckoo has a new concept named decentralization which is totally different than any other video-websites or video players. Every one can create a cuckoo channel anonymously and every channel is autonomous. All the videos can be uploa...
Read more