Original Post: ShadyShader: Crashing Apple Devices with a Single Click
The article discusses a vulnerability dubbed “ShadyShader” in Apple’s GPU drivers affecting iPhones, iPads, and macOS computers with M-series chips. This flaw allows a specially crafted shader program to overwhelm Apple’s GPU, leading to repeated freezes and system crashes. Apple addressed this vulnerability with CVE-2023-40441 by improving input validation for GPU drivers. ShadyShader works by sending shaders that exhaust GPU resources by appearing as legitimate processes, causing system unresponsiveness, especially on macOS and iOS devices.
Browsers contribute to this issue by translating shaders to Apple-specific languages, inadvertently facilitating the attack. The exploitation can escalate through recursive Denial-of-Service (DoS) using browser caching and recovery, causing repeated crashes whenever the browser reopens the malicious page. Attackers can deliver these shaders via disguised links in messages or through captive portals in public networks.
The article emphasizes that while updates now address the vulnerability, similar future attacks are possible. Users are advised to disable JavaScript to circumvent crash loops and urged to keep their devices updated. Other devices like Google Pixels and Tesla vehicles showed minor disruptions, suggesting potential widespread impacts on GPU-equipped systems. The article concludes with a call to try Imperva’s security services for enhanced protection.
Go here to read the Original Post