DoS exploit for WebKit engine
A certain sequence of Arabic characters allows you to cause a critical error leading to the crash of any application using the WebKit engine in iOS and Mac OS .
Vulnerability is reproduced on Mac OS 10.8 (Mountain Lion) and iOS 6. iOS versions <6 and 7 beta, Mac OS <10.8 and 10.9 beta are not affected.
Link to the exploit: https://zhovner.com/tmp/killwebkit.html
')
Vulnerability can be reproduced:
Vulnerability is reproduced on Mac OS 10.8 (Mountain Lion) and iOS 6. iOS versions <6 and 7 beta, Mac OS <10.8 and 10.9 beta are not affected.
Link to the exploit: https://zhovner.com/tmp/killwebkit.html
')
Vulnerability can be reproduced:
- By sending sms to the iPhone - while this happens respring and you can no longer go to the application "Messages". You can fix it so habrahabr.ru/post/191654/#comment_6658802
- By sending a message via iMessage on iOS or Desktop Messages on Mac OS - the application will end and you will not be able to enter it anymore.
- Opening the page containing the line - Mobile Safari in iOS just closes. In this case, if you do not delete the history of visits, re-enter it will not work. Desktop Safari behaves the same way. Desktop Chrome will complete the tab process by displaying an error message, the browser itself will continue to work. New Opera and Yandex Browser behave like Chrome.
- Putting the string in the name of the WiFi network (ESSID) - during the scanning of networks, this should cause an error. The method is described on news.ycombinator.com and has not been checked by me: news.ycombinator.com/item?id=6293824
Since Apple has not responded to the problem for half a year, perhaps a wider publicity will make them pay attention.
I ask everyone with desktop applications to crash, click "Report -> Send to Apple".
Also in Chrome, being on the fallen tab, click "Tools -> Report an Issue .." and send a bug report by including a link to the page.
Source: https://habr.com/ru/post/191654/
All Articles