Latest in Gear

Image credit:

Maliciously crafted video can freeze your iOS device

Play the wrong video in Safari and you'll have no choice but to reboot.
599 Shares
Share
Tweet
Share
Save

Sponsored Links

If you thought last year's iOS text crash bug was a headache, you'd better brace yourself. EverythingApplePro and other users have confirmed that at least one maliciously crafted video is guaranteed to trigger a memory leak and freeze iOS devices, even if they're running something as ancient as iOS 5. All you have to do is play the linked video file in Safari -- your iPhone, iPad or iPod will lock up within a few seconds, forcing you to hard reboot to regain control of your gear. It's so far useful only for cruel pranks (you should be fine afterward), but these kinds of quirks can occasionally be used as part of security breaches.

The trick is limited to unaltered files, so you don't have to worry about a YouTube link or other processed video bringing your device to a screeching halt. And of course, the immediate precaution is to avoid tapping direct video links (particularly from known hosts like vk.com and testtrial.site90.net) if you don't know that you can trust them. The problem, as you might surmise, is that attackers may use link shorteners or otherwise try to hide the nature of the video.

We've reached out to Apple about its plans for a fix, and we'll let you know if can outline plans. It won't be surprising if there's already a patch in the works. Don't be surprised if it's focused strictly on iOS 10 users, though. The latest version already had 60 percent adoption as of late October, and many of those running iOS 9 can upgrade. An iOS 10-only fix would (eventually) cover the vast majority of users.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
599 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Brave says 8.7 million people use its privacy-focused browser every month

Brave says 8.7 million people use its privacy-focused browser every month

View
The legal battle over 3D-printed guns is far from over

The legal battle over 3D-printed guns is far from over

View
Microsoft begins rolling out its Windows 10 November update

Microsoft begins rolling out its Windows 10 November update

View
Google wants to be your new bank

Google wants to be your new bank

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr