Users of Apple tech have a new reason to worry. A security researcher named Sabri Haddouche, who works for an instant messaging app called “Wire,” has published a proof of concept web page. It contains a fatal exploit that can crash and restart iPhones, iPads and any Mac.
Essentially then, the entire Apple ecosystem is vulnerable. Worse, the security flaw can be exploited using nothing more than CSS and HTML code. The flaw resides in Apple’s WebKit, which is its web rendering engine used by all apps and browsers running on Apple’s OS.
Haddouche tested the exploit using Chrome, Microsoft Edge, and the Safari web browser. He got the same result each time using both a MacBook Pro and an iPhone X. Apple users are advised to exercise extreme caution when visiting any web page until a patch can be issued.
The company is currently investigating the issue, and to this point has not given their legions of users a timeframe for a possible fix.
Sadly, this isn’t the first time a flaw like this has been discovered, and it’s unlikely to be the last. If there’s a silver lining, it is that Apple has historically been quick to patch flaws of this kind, and it should be noted that Linux and Windows systems are not affected.
It’s especially worrisome for small business owners, and until Apple gives us a time frame for a fix, your best bet is to steer clear of any websites but those that are business critical, and trusted sites that you know to be safe.
Although the exploit was specifically engineered to crash Apple devices, it’s easy enough to envision a nastier implementation which could critically damage the OS, rendering the device targeted by the attack completely inoperable. Stay vigilant, and stay tuned for a fix to what could be a devastating issue.