Security Flaw In Developer Kit May Cause Apple Devices To Freeze, Slow, Or Reboot
By: Jim Stickley and Tina Davis
September 17, 2018
Attention all Mac and iPhone users. This one is for you. A security researcher at the company Wire has found a security flaw that affects your devices. Windows users can breathe a sigh of relief, because you are not affected. And neither are Linux users. But if you do use an Apple product, versions iOS 12 and macOS version 11.4.1, at least, your devices may be frozen, slowed, or rebooted unexpectedly if your device is attacked. The most frightening thing about this attack is that it is launched on your device simply by visiting a website that appears to be legitimate but is in fact malicious.
Let’s get to the nitty gritty here. To avoid this for the time being, just don’t click on links that you receive unexpectedly or from unknown senders. It does affect Mail, so watch out for any potential phishing attacks, as you always should. If you cannot be 100% certain a link is safe, just don’t click it until you can independently verify with the sender that he or she intended to send it to you.
Remember that anything can be used as phishing bait these days. There is no such thing as a completely secure link or attachment. So, if you are not sure, contact the sender by phone, text, or a personal visit to confirm before clicking it. Remember not to use phone numbers or email addresses in these messages either. The attackers are quite good at making it appear that those phone numbers go to legitimate places, when in fact, they go to their own “support” locations.
If you are using a Mac computer, it won’t freeze in this attack, but it will crash Safari and slow the computer down. You can close the Safari tab to stop the attack. However, it will automatically restart and freeze again, rendering Safari basically useless. Users on iOS will see their devices restart.
What causes this is a vulnerability in the product that Apple requires developers to use in order to have their products work with Apple. That means that Apple will need to deploy a fix for it. So, when that little red icon appears that an update is available, make sure to apply it as soon as possible. And because it is within the WebKit product that Apple makes mandatory, this can cause issues with all browsers on either the macOS or iOS devices.
At this time, the researcher has not tested it on any other versions than the aforementioned. That means, that even if you are on a different version of the operating system, you may still be affected. So, better safe than sorry and remember not to click on unexpected links or attachments until Apple releases a fix for this.