Submitted via IRC for Fnord666
A security researcher has found a new way to crash and restart any iPhone — with just a few lines of code. Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code.
Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link.
Source: https://techcrunch.com/2018/09/15/a-new-css-based-web-attack-will-crash-and-restart-your-iphone/
This discussion has been archived.
No new comments can be posted.
A New CSS-Based Web Attack Will Crash and Restart Your iPhone
|
Log In/Create an Account
| Top
| 10 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 2) by Subsentient on Tuesday September 18 2018, @10:15AM (8 children)
Why is the browser that intricately linked to the iOS userland?
Wtf?
Who does that? And moreover, who runs the OS on one process, that can be crashed and affect all others?
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 2) by nobu_the_bard on Tuesday September 18 2018, @11:56AM
Apparently the problem is WebKit having a rendering bug, which iOS mandates being used for all browsers and apps. Some older browsers other than Safari display the same bug but typically only the browser crashes. Windows has dealt with similar problems back in the day.
(Score: 4, Insightful) by FatPhil on Tuesday September 18 2018, @11:58AM (4 children)
Alternatively, you could just approach the concepts of inter/intra-task/driver/kernel protection from a new perspective, and do something like The Mill Architecture: https://millcomputing.com/docs/#security
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1, Interesting) by Anonymous Coward on Tuesday September 18 2018, @04:07PM (2 children)
I would argue that an OS meant to run on a smallish battery has particular tradeoffs.
You can't ignore computing overhead like you can on a big laptop or desktop. Keeping it leaner is more justifiable.
And for what it's worth, my iPhone has never brought down the OS from a bad webpage. It has always been the browser crashing and restarting *the browser*. This is an amazing stability record. The CSS bug is the only bug of its type I have heard about.
(Score: 0) by Anonymous Coward on Tuesday September 18 2018, @06:20PM (1 child)
Whenever there's a problem, you fanbois evoke the SJRDF, and spin it has a the exception that proves the INSANELY GREAT nature of Apple products.
Come on, man. Just say it: This is a terrible bug; Apple screwed up, and will hopefully do better in the future.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @02:02AM
It is a critical bug that must be fixed immediately.
That does nothing to negate the very stable experience I have had with my iPhone.
(Score: 1, Offtopic) by MichaelDavidCrawford on Tuesday September 18 2018, @08:53PM
TI RTOS Kernel has no concept of memory mapping. Everything runs in physical memory
This is very common: MMUs are expensive, take up lots of silicon real estate, consume power, produce heat and use lots of memory
Yes it takes memory to map memory. It's not uncommon for memory protected kernels to have a gig of page tables. That's why the Linux kernel mailing list is so full of discussions about reducing memory fragmentation: two discontinuous memory mappings will consume two page table entries
I do embedded and drivers because my clients are happy to give me all the time and money I require to get all the bugs out. My GUI client's were never that way
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Insightful) by MichaelDavidCrawford on Tuesday September 18 2018, @08:45PM (1 child)
Yes there is the sandbox but security having to do with the user ID is entirely unimplemented
It's easy to crash Linux with a root user space program. try writing an MP3 of "American Woman" into /dev/kmem
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by Subsentient on Wednesday September 19 2018, @01:49PM
I have /dev/kmem disabled because it's considered a security hole. Partly for reasons like that. >.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 2) by MichaelDavidCrawford on Tuesday September 18 2018, @08:39PM
I'm going to dig up the bug number then submit a new bug that references it
The problem is that iOS overcommits resources. It's just like check kiting: write a hot check then go to Vegas in hopes you can win enough to cover your chef
In my specific case, allocating too much memory with calloc() will crash the app rather than return NULL. This because the amount of memory that really does get allocated is substantially less than the requested amount. calloc() zeroes its buffer, eventually writes into unmapped memory.
Apple's response? They asserted that I was ignorant then closed the bug.
Yes I Have No Bananas. [gofundme.com]