Just Single-character Is Enough To Crash Any Apple iPhone, iPad Or Mac

Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.

First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software.

Like previous ‘text bomb’ bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu—a native Indian language spoken by about 70 million people in the country.

Once the recipient receives a simple message containing the symbol or typed that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple’s iOS Springboard.

Apps that receive the text bomb tries to load the character, but fails and refuses to function properly until the character is removed—which usually can be done by deleting the entire conversation.

Video Demonstration

The easiest way to delete the offending message is by asking someone else to send a message to the app that is crashing due to the text bomb. This would allow you to jump directly into the notification and delete the entire thread containing the character.

The character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages for the macOS versions.

Telegram and Skype users appear to be unaffected by the text bomb bug.

Apple was made aware of the text bomb bug at least three days ago, and the company plans to address the issue in an iOS update soon before the release of iOS 11.3 this spring.

The public beta version of iOS 11.3 is unaffected.

Since so many apps are affected by the new text bomb, bad people can use the bug to target Apple users via email or messaging or to create mass chaos by spamming the character across an open social platform.

Update: Apple Releases Fix for Indian Telugu Character Crash Bug

Apple delivered on a promise made last week to publish updates for a bug that crashed Mac and iOS applications that included the ” జ్ఞ‌ా ” Indian Telugu character.

The Cupertino-based company released today a supplemental update for macOS High Sierra 10.13.3, and new versions for iOS (11.2.6), tvOS (11.2.6), and watchOS (4.2.3) to address the issue.

Apple tracks the bug as CVE-2018-4124, and describes it as “a memory corruption issue.” It says it addressed the bug “through improved input validation.”

Applying the updates below should keep most users’ devices safe and crash-free.

Name and information link Available for Release date
tvOS 11.2.6 Apple TV 4K and Apple TV (4th generation) 19 Feb 2018
watchOS 4.2.3 All Apple Watch models 19 Feb 2018
iOS 11.2.6 iPhone 5s and later, iPad Air and later, and iPod touch 6th generation 19 Feb 2018
macOS High Sierra 10.13.3 Supplemental Update macOS High Sierra 10.13.3 19 Feb 2018

 

Credit: THN & Bleepingcomputer

CEH Course In pune | Slink

Jai Prajapati

Jai Prajapati is a security analyst and author for Securityleaks, where he passion for covering latest happening in cybersecurity world such as malware, breaches, vulnerabilities, exploits, white-papers, hacking newsbytes, Dark Web, hacking tutorials and a few more.

Leave a Reply

Your email address will not be published. Required fields are marked *