This new text bomb crashes most Mac and iOS apps with a single Unicode symbol

in #blog7 years ago

image

We learned of a potentially serious new bug affecting a wide range of Apple devices.

During their development work on an international news feed, software engineers at Aloha Browser discovered two Unicode symbols in a non-English language that can crash any Apple device that uses Apple’s default San Francisco font. The bug instigates crashes on iPhones, iPads, Macs and even Watch OS devices that display text containing the symbol on their screens.

When one of the two symbols is displayed in an app, the software crashes immediately. In many cases, the app cannot be reopened and must be reinstalled. TechCrunch was able to recreate this behavior on two iPhones running an older version of iOS, one iPhone running iOS 11.2.5 and a MacBook Pro running High Sierra.

The bug crashes apps including Mail, Twitter, Messages, Slack, Instagram and Facebook. From our testing, it also crashed Jumpcut, a copy and paste plugin for Mac. While it initially appeared that the Chrome browser for Mac was unaffected and could safely display the symbol, it later crashed Chrome and the software would not reopen without crashing until uninstalled and reinstalled.

TechCrunch has been in touch with Apple about the potential timeline for a software fix and will update this story accordingly. According to the team at Aloha Browser, Apple is aware of the bug and it may have been reported by another development team, as well. [Update: Apple has confirmed that there’s a fix coming soon. Apparently this only affects current versions of the software, and this is already fixed in the betas of iOS, tvOS, macOS and watchOS.]

This is Apple’s second text bomb headache of the year. In January, software researcher Abraham Masri discovered an iOS glitch that allowed a specific URL to crash any iPhone it was texted to, sometimes resulting in a kernel panic. In 2016, another bug could crash any iPhone or the Safari browser if a user clicked the URL for CrashSafari.com. In 2015, a so-called “Unicode of Death” could overload an iPhone’s memory using some Arabic characters. Now we’re looking at Unicode of Death 2.0.

Because so many apps are affected, the new text bomb could be used to create mass chaos if spammed across an open social platform or used to target individuals via email or messaging. The new bug affects a broad swath of Apple devices and crashes nearly any major app they run, making it particularly destructive if not resolved quickly.

Sort:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://techcrunch.com/2018/02/15/iphone-text-bomb-ios-mac-crash-apple/

super good