A poorly-coded or malicious site should be limited to crashing a browser tab or, at worst, the browser itself. Unfortunately, for everyone out there with a device running any version of iOS, there’s a small piece of code that will force your entire gadget to reboot. It’s so simple, you don’t even need to visit a website to trigger it — a shortcut is enough.
Yesterday, developer Sabri Haddouche revealed a proof-of-concept demo and source code for the crash, which he’s given the apt name of “Safari Ripper”.
If you’re viewing this page in Safari on iOS and would like to crash your device, just click this link. Of course, don’t say I didn’t warning you.
Alternatively, here’s a video of it in action:
— Sabri (@pwnsdx) September 15, 2018
Haddouche also made the source for the demo available, which can be viewed on GitHub (don’t worry, this link is safe). The key component is the “backdrop-filter” CSS property (a way to stylise HTML). It’s relatively new, added as part of a draft specification in November 2017, and allows one to stack Photoshop-like effects on images.
Even worse, it appears the crash can be triggered by simply creating a shortcut to it, as Federico Viticci shows on Twitter.
It’s only a matter of time before Apple fixes the bug, but for now, be careful visiting unfamiliar websites on your iPhone or iPad.