SoylentNews is people
SoylentNews
Submission Preview
Latest Apple Text-Bomb Crashes iPhones Via Message Notifications
████ # This file was generated bot-o-matically! Edit at your own risk. ████
Latest Apple Text-Bomb Crashes iPhones via Message Notifications [threatpost.com]:
Share this article:
Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them.
Apple devices are vulnerable to a “text bomb” attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices.
Sindhi is an official language used in Pakistan. The bug affects iPhone, iPad, Macs and Apple Watches, and arises from macOS and iOS failing to properly render a Unicode symbol used when writing in the language. Because the symbol confuses the operating systems, according to a Friday post [bitdefender.com] from researcher Graham Cluley at Bitdefender, the devices simply spontaneously crash when it shows up in a viewing window.
The problem occurs in a number of different scenarios, including if the character string shows up in a text message – in fact, just looking at a message notification containing a message preview will crash the system. Viewing messages within apps leads to the same outcome, as does reading social media posts on one’s phone or Mac. As for the latter point, Threatpost editors were able to independently confirm that looking at tweets containing the characters will indeed shut down an iPhone.
Cluley noted that completely rebooting the device fixes the problem – until another booby-trapped message comes along.
The issue was first reported on Reddit [reddit.com] on Thursday, and given the moniker “CapturetheFlag” because the offending characters are often paired with the Italian flag (the flag though is not necessary to trigger a crash). Trigger messages began being circulated in Telegram messages, and quickly went viral on Twitter, with many pranksters posting tweets containing the text-bomb content.
Apple has had similar linguistic issues in the past; in 2013, certain combinations of Arabic characters were found to crash Macs and iPhones; while in 2018, messages containing letters of the south Indian language of Telugu [threatpost.com] were discovered to do the same thing.
Other text-bomb attacks that don’t relate to Unicode symbols have made the rounds in the past: The chaiOS bug in 2018 [threatpost.com] for instance allowed attackers to crash or freeze phones just by sending a text message containing a hyperlink to malicious code hosted on GitHub. Recipients only needed to receive the malicious messages for the flaw to work: Clicking on the link wasn’t required.
And last year, an Apple iMessage bug made the rounds [threatpost.com] that allowed attackers to brick iPhones running older iOS versions, by sending a specially crafted message to a vulnerable device.
In this case, Apple hasn’t yet issued a public statement on the problem, but according to Cluley, the latest beta version of iOS fixes the issue.
“[This] already incorporates a fix for the problem – so we may only be days away from having it pushed out to our vulnerable devices,” he wrote. “In the meantime, if you are worried or think you might be targeted by a mischief-maker who delights in crashing your device, you might be wise to disable message previews on your iPhone.”
Android users can meanwhile log this one as a win in the mobile device wars: Google’s OS is unaffected.
The news comes as Apple pushes back against claims that two zero-day bugs in its iPhone iOS have been exploited for years. A widely disseminated report published Wednesday [threatpost.com] by ZecOps claimed that bugs in the Apple Mail app on iPhones and have been exploited in the wild since 2018 by an “advanced threat operator.” However, Apple said in a statement [threatpost.com] to Bloomberg’s Apple correspondent Mark Gurman that he posted on Twitter that the findings aren’t true.
An unusual character string is causing Apple devices to crash [engadget.com]:
A new character-linked bug is doing the rounds on Apple devices, causing iPhones, iPads, Macs and Apple Watches [engadget.com] to crash when they receive a particular string of characters via a notification. As reported on MacRumors [macrumors.com], this one appears to comprise the Italian flag emoji and characters from the Sindhi language, and causes a system crash when displayed via an incoming notification.
It’s certainly not the first time Apple users have been hit with this type of bug. Back in 2018, for example, a character from the Telugu language was responsible for crashing thousands of devices [engadget.com]. There’s no way to prevent problematic characters from causing crashes, although as in this instance the bug only appears to affect notifications, Apple users might consider turning off notifications until the issue is resolved.
Apple usually fixes these types of bugs within a few days, so don’t expect it to be an ongoing problem. MacRumors has already reported that some users have found the issue to be fixed in the second beta of iOS 13.4.5, so it’s unlikely to have too wide an impact.
In this article: Apple [engadget.com], crash [engadget.com], character [engadget.com], string [engadget.com], bug [engadget.com], notification [engadget.com], news [engadget.com], gear [engadget.com]All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.Comments120Shares
Please delete previous submission
