How to crash iPhone & Mac OS with a Link: Safari Browser Exploit

iPhones and Macs are one of the most recommended devices for their security. macOS and iOS have always had a security advantage over android and windows. But is macOS and ios really that secure as Apple claims? Well funny enough there are a lot of exploits available for iPhones’ iOS and Mac OS. So today we are going to show you one such exploit that can crash iPhone and crash macOS with a single link and ngrok.

So if you think Apple is superior and hack-proof Well, that’s not really true as you can see below. This exploit can crash Safari browsers as well as internet explorer browsers causing a system restart. Some other browsers will only crash but on ios and macs, you get system restarts. So without further ado let’s begin the tutorial to crash iPhone:

How to crash the iPhone & macOS with a Single Link

In order to crash iPhones and crash macOS with a link, we will be using the Safari Reaper Tool. It’s a free tool that used a safari browser exploit to crash the device resulting in a system restart.

If you are too lazy to set up the tool then simply visit the link below: (Test at your own risk. Your system will crash and restart if you click the link below)

Link: https://jonnybanana.github.io/safari-ie-reaper.github.io/

If you want to set it up on your system then do the following:

Step 1: Clone the repository on your Kali Linux

git clone https://github.com/JonnyBanana/safari-ie-reaper.github.io

Step 2: After downloading the repository, open the folder and you will see the following files.

Step 3: Copy the above files in “var/www/html/” folder

Step 4: Start the kali server with the following command:

service apache2 start

Step 5: Visit the site on iOS or Mac with the Safari browser. The following will happen:

Part 1: Apple device

Part 2: Visited the link

Part 3: Apple restarted.

The actual code inside looks something like this:

If you want this hack to work on the internet then you just need to set it up with ngrok. The above demonstration was done on my internal network.

If you want to set it up so that anyone can access the URL then you need to use ngrok. It’s free to use and can help you globally set this up:

Installation steps for Ngrok in Kali Linux

You also need to install Ngrok on your Kali Linux System in order to use this hack over the internet: Type the following command to download Ngrok to your system.

wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip

Now unzip the file with the following command: 

unzip <folder name of Ngrok here>

Now go to the Ngrok website and complete signup procedure. You can log in with your Google or Github account if you are lazy like me. Just make your free account. It’s free to use and has more premium features if you are willing to pay.

 After signup, you will see your auth token at the Ngrok website as shown in the image below: Now give below command with your Auth Token 

./ngrok authtoken <YOUR_AUTH_TOKEN>

The above command will add your auth token to your ngrok.yml file and you will see the output as shown below: Now allow Ngrok execution permission so that it can run directly from the terminal with the following command: 

chmod +x ./ngrok

Now to check all the Ngrok options type the following:

./ngrok -h

Now, you need to create a tunnel from the Internet to our local server. To do this type the following command :

./ngrok http 8080

The final link will look something like this:

https://10f34f608fb4.ngrok.io 

If you face any issues with port 8080 then use port 80 instead to hack. 

Conclusion-

You have now learned how to crashed iPhone and macOS with just a link. This exploit may not for few Apple devices due to third party security applications but there is a high chance that the target device will get affected. So make sure to keep devices safe.