Mischievous Twitter users are passing around a link, often disguised with URL shorteners, to “crashsafari.com,” a website created in 2015 that immediately crashes iPhones and iPads. Crashsafari appears to run javascript code that overloads the victim’s address bar with an infinite series of numbers. Craig Young, security researcher at Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Cybersecurity Researcher at Tripwire :
“The crashsafari.com site runs a script within the browser that repeatedly adds entries to the browser’s history listing. It is unclear at this point what in the device’s design is allowing this to happen, but the possibility that this technique can be used to install a malicious program cannot be ruled out. Last year security researchers demonstrated how a network packet or an SMS message could trigger an iPhone or iPad to reboot but neither of these issues had security implications beyond inconveniencing the user. Generally speaking, any programming error capable of triggering a reboot is a serious problem and may be indicative of a security issue.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.