CSS-Based Attack to Restart iPhone

As the researcher noted, all applications that handle HTML are under threat
17 September 2018

The developer and cyber security specialist Sabri Haddouche found that 15 lines of CSS code running on iOS cause the kernel to crash and the device to reboot. On macOS, clicking the "overloaded" link may freeze the browser. All versions of iOS are vulnerable, including the latest update, 11.4.1, as well as iOS 12, which is currently in beta testing.

Haddouche published PoC code on GitHub. It exploits a vulnerability in the WebKit web rendering engine. Nesting a large number of tags (for example, div) under the CSS backdrop-filter property causes all of the device's resources to be used to render the page. This crashes the kernel, and the system reboots to prevent corruption.

The developer notified Apple of the vulnerability, and the company began an internal investigation.

As Haddouche noted in a conversation with TechCrunch, all applications that handle HTML are under threat. The failure can be triggered through an e-mail message or a link to an "overloaded" web page. The attack does not allow malicious code to be executed and does not give an attacker access to the device's data. However, according to experts, it will be difficult to find a way to prevent it.
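For applications that accept untrusted HTML such as e-mail, one defensive heuristic is to flag content that combines backdrop-filter declarations with unusually deep element nesting, and to strip those declarations before rendering. The following is an added example, not code from Haddouche or Apple; the function names and the depth threshold of 64 are assumptions, and it does not fix the underlying WebKit bug.

```python
import re
from html.parser import HTMLParser

# Matches backdrop-filter declarations, with or without the -webkit- prefix.
DECL = re.compile(r"(?:-webkit-)?backdrop-filter\s*:[^;}]*;?", re.IGNORECASE)
# Void elements never have children, so they do not add nesting depth.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class _Scanner(HTMLParser):
    """Tracks element nesting depth and counts backdrop-filter declarations."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = self.max_depth = self.hits = 0
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        # Inline style="" attributes can carry the declaration too.
        self.hits += len(DECL.findall(dict(attrs).get("style") or ""))
        if tag == "style":
            self.in_style = True
        if tag not in VOID:
            # Unclosed tags are never popped, so depth errs on the high side.
            self.depth += 1
            self.max_depth = max(self.max_depth, self.depth)

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
        if tag not in VOID and self.depth > 0:
            self.depth -= 1

    def handle_data(self, data):
        if self.in_style:  # text inside a <style> block
            self.hits += len(DECL.findall(data))

def scan_html(html, max_depth=64):  # 64 is an assumed threshold, tune per app
    """Return (uses_backdrop_filter, max_nesting_depth, suspicious)."""
    s = _Scanner()
    s.feed(html)
    s.close()
    return s.hits > 0, s.max_depth, s.hits > 0 and s.max_depth > max_depth

def strip_backdrop_filter(css):
    """Remove backdrop-filter declarations from a CSS string."""
    return DECL.sub("", css)

# Constructed sample: a small, harmless page with six nested divs.
SAMPLE = ("<style>div{-webkit-backdrop-filter:blur(10px)}</style>"
          + "<div>" * 6 + "text" + "</div>" * 6)
```

A mail gateway or HTML sanitizer could call `scan_html` on each message body and apply `strip_backdrop_filter` to style blocks and inline styles before the content reaches a WebKit view.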

CSS is a tool for styling web content written primarily in HTML. However, specialists discover from time to time that it can also be used, for example, to collect confidential user data such as passwords or to track actions on the web.

Now Sketches Can Be Turned into Code Instantly

Sketch2Code by Microsoft turns sketches into HTML code
29 August 2018

The Microsoft Azure team introduced the Sketch2Code web tool, which converts user interface sketches to HTML code. The service speeds up project development by eliminating the need to create markup manually from a drawing.


Sketch2Code uses artificial intelligence. The process of converting a picture into code consists of five steps.

  • First the user uploads an image through the website.
  • A custom vision model predicts what HTML elements are present in the image and their location.
  • A handwritten text recognition service reads the text inside the predicted elements.
  • A layout algorithm uses the spatial information from all the bounding boxes of the predicted elements to generate a grid structure that accommodates them all.
  • An HTML generation engine uses all these pieces of information to generate HTML markup reflecting the result.

All images, results and grouping information are stored in Blob storage. Azure Functions is the connecting link between all the services. The tool was developed in collaboration with Kabel and Spike Techniques. Details about Sketch2Code are provided in the GitHub documentation.