Mischievous Twitter users are passing around a link, often disguised with URL shorteners, to “crashsafari.com,” a website created in 2015 that immediately crashes iPhones and iPads. Crashsafari appears to run javascript code that overloads the victim’s address bar with an infinite series of numbers. Craig Young, security researcher at Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Cybersecurity Researcher at Tripwire :
“The crashsafari.com site runs a script within the browser that repeatedly adds entries to the browser’s history listing. It is unclear at this point what in the device’s design is allowing this to happen, but the possibility that this technique can be used to install a malicious program cannot be ruled out. Last year security researchers demonstrated how a network packet or an SMS message could trigger an iPhone or iPad to reboot but neither of these issues had security implications beyond inconveniencing the user. Generally speaking, any programming error capable of triggering a reboot is a serious problem and may be indicative of a security issue.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.