Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

September 16, 2018Wang Wei

iphone hack crash phone

It’s 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze.

Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of specially crafted CSS & HTML code.

Beyond just a simple crash, the web page, if visited, causes a full device kernel panic and an entire system reboot.

The Haddouche’s PoC exploits a weakness in Apple’s web rendering engine WebKit, which is used by all apps and web browsers running on the Apple’s operating system.

ATTENTION: Click Here To Get Over $100,000 Money Transfer Through Bank Transfer Hackers!!!

ATTENTION: Get Your Hacked Western Union MTCN Transfer and Cash Out Over $2500 within minutes!!!

ATTENTION: Click Here For Your Blank/Cloned ATM Cards for ATM Cashout and Online Purchase!!!


Since the Webkit issue failed to properly load multiple elements such as “div” tags inside a backdrop filter property in CSS, Haddouche created a web page that uses up all of the device’s resources, causing shut down and restart of the device due to kernel panic.

You can also watch the video demonstration published by the researcher, which shows the iPhone crash attack in action.

All web browsers, including Microsoft Edge, Internet Explorer, and Safari on iOS, as well as Safari and Mail in macOS, are vulnerable to this CSS-based web attack, because all of them use the WebKit rendering engine.

Windows and Linux users are not affected by this vulnerability.

The Hacker News tested the attack on different web browsers, including Chrome, Safari, and Edge (on MacBook Pro and iPhone X) and it still worked on the latest version of both macOS and iOS operating systems.

So, Apple users are advised to be vigilant while visiting any web page including the code or clicking on links sent over their Facebook or WhatsApp account, or in an email.

Haddouche has posted the source code of the CSS & HTML web page that causes this attack on his GitHub page

Haddouche said he already reported the issue to Apple about the Webkit vulnerability and the company is possibly investigating the issue and working on a fix to address it in a future release.

Leave a Reply

Your email address will not be published. Required fields are marked *