Don't Let This Attack Freeze Your Mac or iPhone
Just over a month after researchers demonstrated that hackers can hijack mouse clicks on a Mac, a new report indicates that specially crafted web pages can freeze or crash Macs and iPhones.
Security researcher Sabri Haddouche has created HTML and CSS code that, when hosted by a web page, attacks visitors' devices.
"The attack uses a weakness in the -webkit-backdrop-filter CSS property," Haddouche told BleepingComputer. "By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS."
In other words, while the code is just 15 lines long, it contains a massive amount of <div> tags, which consume all of your device's graphic resources, causing it to freeze or restart.
Haddouche went on to note that the attack affects all browsers on iOS, as well as Safari and Mail in macOS.
"All browsers on iOS are affected because the underlying rendering engine is WebKit," Haddouche explained.
Visiting the webpage on a Mac will cause Mail and Safari to freeze for a second, and the computer running them to slow down. (Once you've closed the Safari tab running the code, the computer returns to normal).
It caused a device running iOS 12 to reboot completely, but caused an iOS 11.4.1 device to only respring (boot the user to the lock screen). According to Twitter user Robert Petersen, the web page causes an Apple Watch running watchOS 5 to freeze and reboot as well.
Haddouche claims he has also created an attack using HTML, CSS and JavaScript that will totally freeze macOS computers, and cause them to re-launch the same malicious webpage upon rebooting, in effect putting them into a temporary boot loop.
Many Mac users still assume Macs aren't vulnerable to malware and adware, but the truth is that the past two years have seen more Mac vulnerabilities than ever before.
Just a few weeks ago, North Korean state-sponsored hackers used Mac malware to successfully hack a cryptocurrency exchange platform. And back in January, a researcher discovered a piece of macOS malware that reroutes your traffic to malicious websites, and could also be used to steal passwords, take screenshots, download files, run software and more.
Unfortunately, there isn't much you can do to prevent these attacks. We'll just have to wait for Apple to release a patch. In the meantime, take extra care not to click on links that you're not familiar with.
Source tomsguide
Latest Jobs
-
- Application Security Analyst
- London
- Up to £85,000 Base
-
An Application Security Analyst is needed for an innovative commercial organisation in London. The Application Security Analyst will be working closely with the development team and should possess a blend of application security, development languages and Information Security skills. Application Security Analyst MUST have strong interpersonal skills. The Application Security Analyst role will include, but in no way be limited to; designing solutions to maintain security, whilst incorporating design solutions in Development, DevOps and Architectural best practices. Conduct application-level penetration testing and review security architecture of Product suite. Executing projects to implement a Security strategy. Knowledge / Experience should include; penetration testing consultancy, source code reviews, vulnerability management and security assessments. Experience with the following is desirable: Agile Development, Fortify 360 SCA, IBM Rational AppScan and exposure to security industry standards - ISO27001 and PCI-DSS. The ideal candidate will have 3 years’ experience in a similar Information Security role and have relevant security qualifications - CISM / CISSP or CISA etc. This is a client facing opportunity where you will be expected to travel to customer sites. Reference Number: OG7484 (Application Security, Penetration Testing, Information Security)
-
- Cloud Network Engineer
- Leeds
- Up to £35,000 Base + Bonus + Possible Share Options
-
One of our clients, an exciting UK based start-up is on the lookout for a Cloud Network Engineer in Yorkshire. The Cloud Network Engineer will need current CCNA / CCNP level networking experience (Cisco, BGP, IP etc.), cloud networking understanding (Azure, AWS etc.) and current experience ideally within a client facing / consultancy role. (Cloud Engineer, Network Engineer, Azure, AWS, Amazon Web Services) Reference Number: PG7477
-
- Senior Service Desk Analyst
- Wiltshire
- Up to £32,000 Base + £6,400 Shift Allowance
-
We are currently working on behalf of an IT Service Provider based in Wiltshire who are on the lookout for a Senior Service Desk Analyst. The Senior Service Desk Analyst will be responsible for logging, managing and escalating internal & external incidents and requests. This is an excellent opportunity to join a business recognised for what they do and work with a number of top UK businesses. You’ll be able to manage your career development and gain additional training e.g. certifications etc. This role will include a shift (4 days on then 4 days off) which covers 24/7 12 hour shifts The ideal candidate will be currently working in a IT service desk / IT support role ideally in an IT Services business. Reference Number: PG7476 (Service Desk Administrator, Analyst, Support, Service Desk Support, shift work, traning, Information Technology, Customer service, Customer support)
-
- Data Centre Service Delivery Manager
- Hertfordshire
- Up to £50,000 + Package
-
A Data Centre Service Delivery Manager is needed to join a specialist connectivity provider in Hertfordshire. The company is going through a huge growth programme and this is an excellent opening for someone to join a business who are working with globally recognised organisations. You’ll be responsible for: Supporting the Commercial Director with management of existing and potential customers being the main point of contact. Maintaining and improving the company’s current and new services Customer relationship management Attending customer meetings in order to provide guidance to customers Keeping up a high quality level of service Updating appropriate documentation such as policy and procedures and making sure these are in place and followed Change and Incident management Service Level Agreements Experience required Must have current experience working in a Data centre environment in a Service Delivery role. An understanding of Data Centre technology and terminology. Experience of dealing with people of all levels within a business (Engineers to Board level) In return you'll have the ability to work in a cutting edge environment and work with a variety of well known international clients REF: PG7475