Latest in Gear

Image credit:

Maliciously crafted video can freeze your iOS device

Play the wrong video in Safari and you'll have no choice but to reboot.
599 Shares
Share
Tweet
Share
Save

If you thought last year's iOS text crash bug was a headache, you'd better brace yourself. EverythingApplePro and other users have confirmed that at least one maliciously crafted video is guaranteed to trigger a memory leak and freeze iOS devices, even if they're running something as ancient as iOS 5. All you have to do is play the linked video file in Safari -- your iPhone, iPad or iPod will lock up within a few seconds, forcing you to hard reboot to regain control of your gear. It's so far useful only for cruel pranks (you should be fine afterward), but these kinds of quirks can occasionally be used as part of security breaches.

The trick is limited to unaltered files, so you don't have to worry about a YouTube link or other processed video bringing your device to a screeching halt. And of course, the immediate precaution is to avoid tapping direct video links (particularly from known hosts like vk.com and testtrial.site90.net) if you don't know that you can trust them. The problem, as you might surmise, is that attackers may use link shorteners or otherwise try to hide the nature of the video.

We've reached out to Apple about its plans for a fix, and we'll let you know if can outline plans. It won't be surprising if there's already a patch in the works. Don't be surprised if it's focused strictly on iOS 10 users, though. The latest version already had 60 percent adoption as of late October, and many of those running iOS 9 can upgrade. An iOS 10-only fix would (eventually) cover the vast majority of users.

From around the web

ear iconeye icontext filevr