A few lines of code that can easily be shared over email or social media posts are causing havoc for iPod and iPhone owners.
As soon as the snippet of code appears on screen, the Apple device will reboot without warning — leaving unsaved data lost.
The code was discovered by Berlin-based security researcher Sabri Haddouche, who shared the discovery in a post on Twitter.
The snippet is a form of code known as CSS, which stands for ‘Cascading Style Sheets’, and controls how simple HTML code is displayed on a screen.
Any iOS or macOS devices that open the code will instantly crash and restart as the device is unable to process the demand and is forced to shut down.
Apple has confirmed it is aware of the glitch and working on a fix.
The code manipulates the workings of the CSS code and exploits a weakness in how Apple devices process the code.
It tries to apply a CSS effect known as backdrop-filter to a series of DIVs – webpage segments that contain other page elements and divide the HTML document into sections.
Backdrop-filter is a relatively new feature of CSS and blurs the colour of the area behind an element.
The procedure initiated by the code proves too much for the iPhone and iPad to adequately process and they shut down and restart as a precaution.
iOS security researcher Sabri Haddouche posted the source code on Twitter and followed it up with a video showing how the code immediately crashes his phone.
‘The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them,’ Mr Haddouche told ZDNet.
‘By using nested DIVs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS.’
Mr Haddouche says the vulnerability also affects macOS systems — not just iOS.
Anyone who sends the snippet of code to an iPhone, iPad, iPod Touch or macOS device owner will be able to remotely shut down their machine.
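A defensive check for the pattern described above, as an added example that is not code from Mr Haddouche or Apple: this Python script measures how deeply elements carrying backdrop-filter are nested in an HTML document, so a mail or web filter could flag such markup before a device renders it. The function names, the sample markup and the nesting limit of 8 are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

PROP = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.I)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

def filtered_selectors(css):
    """Simple selectors (tag, .class, #id) whose rule body sets backdrop-filter."""
    return {s.strip().lower() for sels, body in RULE.findall(css)
            if PROP.search(body) for s in sels.split(",")}

class BackdropDepth(HTMLParser):
    """Tracks how deeply elements carrying backdrop-filter nest inside each other."""
    def __init__(self, selectors):
        super().__init__()
        self.selectors, self.stack = selectors, []   # stack holds (tag, has_filter)
        self.depth = self.max_depth = 0              # filtered elements currently open

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return                                   # void elements never nest
        a = {k: (v or "") for k, v in attrs}
        names = {tag, "#" + a.get("id", "").lower()}
        names.update("." + c for c in a.get("class", "").lower().split())
        hit = bool(names & self.selectors) or bool(PROP.search(a.get("style", "")))
        self.stack.append((tag, hit))
        self.depth += hit
        self.max_depth = max(self.max_depth, self.depth)

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:                              # ignore stray close tags
            cut = len(tags) - 1 - tags[::-1].index(tag)
            self.depth -= sum(hit for _, hit in self.stack[cut:])
            del self.stack[cut:]                     # also drops unclosed children

def max_backdrop_nesting(html):
    css = " ".join(re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S))
    parser = BackdropDepth(filtered_selectors(css))
    parser.feed(html)
    return parser.max_depth

def is_suspicious(html, limit=8):                    # limit is an assumed threshold
    return max_backdrop_nesting(html) > limit

# Constructed sample: three filtered elements nested, well under the limit.
SAMPLE = ("<style>.glass { -webkit-backdrop-filter: blur(4px); }</style>"
          "<div class='glass'><div class='glass'><p>text"
          "<div style='backdrop-filter: blur(2px)'></div></div></div>")
```

The check only resolves tag, class and id selectors plus inline styles, so it is a coarse pre-filter rather than a full CSS engine.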
‘With the current attack (CSS/HTML only), it will just freeze Safari for a minute then slow it down,’ the researcher revealed.
‘You will be able to close the tab afterward.
‘To make it work on macOS, it requires a modified version containing Javascript.
‘The reason why I did not publish it is that it seems that Safari persists after a forced reboot and the browser is launched again, therefore bricking the user’s session as the malicious page is executed once again.’
The researcher says he notified Apple about the issue before publishing the code on social media.
‘I contacted them using their security product email,’ Mr Haddouche revealed.
‘They confirmed they received the issue and are investigating it.’
The discovery comes only days after the unveiling of Apple’s latest iPhone handsets, the XR, XS and the XS Max.
The 6.5-inch iPhone XS Max will start at $1099 (£1,099), and boasts a Super Retina Display that now stands as the biggest iPhone display yet.
Apple revealed the new handset alongside its new $999 (£999) iPhone XS – a 5.8-inch device CEO Tim Cook says is ‘by far the most advanced iPhone we have ever created.’
Both, Apple says, are ‘more waterproof’ than their predecessor, with the ability to survive 30 minutes underwater at up to two meters deep.
Apple’s third handset, the XR, is considered to be the budget model and will retail for $749 (£749).
It has a 6.1-inch LCD display and comes in black, white, red, yellow, coral, and blue.