A security engineer for an encrypted instant messaging app recently discovered this vulnerability within WebKit, which is the HTML layout engine that serves as the brains behind popular iOS and macOS web browsers. This includes any browser that runs on iOS as well as Safari on macOS. With just a few lines of code, this exploit can overload WebKit causing iOS/macOS to “kernel panic” (Apple’s version of a Blue Screen of Death) and reboot. Thankfully, this exploit does not compromise the security of the data that resides on the device, but there is always the possibility of an evil-doer taking this vulnerability and exploiting it for their own deeds. Because of this possibility, Apple is currently working to provide a patch for this issue. Currently, there are no reports of Windows or Linux devices suffering from this bug.
With Security Awareness Month starting in just a couple of weeks, this can serve as a reminder for you to frequently check for system updates on all of your devices, as these frequently include security patches that resolve issues just like this one. Also, be careful when clicking on links within e-mails and instant messaging apps that look suspicious or you aren’t expecting. Staying vigilant can help make bugs like this less effective.
If you have any questions or want to report suspicious e-mails or links, you can always contact the IT Help Desk for guidance.