Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday April 26 2020, @11:14PM   Printer-friendly
from the what's-old-is-new-again dept.

Latest Apple Text-Bomb Crashes iPhones via Message Notifications:

Apple devices are vulnerable to a “text bomb” attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices.

[...] The problem occurs in a number of different scenarios, including if the character string shows up in a text message – in fact, just looking at a message notification containing a message preview will crash the system. Viewing messages within apps leads to the same outcome, as does reading social media posts on one's phone or Mac. As for the latter point, Threatpost editors were able to independently confirm that looking at tweets containing the characters will indeed shut down an iPhone.

Cluley noted that completely rebooting the device fixes the problem – until another booby-trapped message comes along.

[...] Apple has had similar linguistic issues in the past; in 2013, certain combinations of Arabic characters were found to crash Macs and iPhones; while in 2018, messages containing letters of the south Indian language of Telugu were discovered to do the same thing.

Other text-bomb attacks that don't relate to Unicode symbols have made the rounds in the past: The chaiOS bug in 2018 for instance allowed attackers to crash or freeze phones just by sending a text message containing a hyperlink to malicious code hosted on GitHub. Recipients only needed to receive the malicious messages for the flaw to work: Clicking on the link wasn't required.

And last year, an Apple iMessage bug made the rounds that allowed attackers to brick iPhones running older iOS versions, by sending a specially crafted message to a vulnerable device.

In this case, Apple hasn't yet issued a public statement on the problem, but according to Cluley, the latest beta version of iOS fixes the issue.

See Also:
An unusual character string is causing Apple devices to crash:


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.