"Killer text bomb" crashed iPhones, iPads, Macs, and Apple Watches
Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.
The Unicode-based bug has been exploited by juvenile pranksters, who posted app-crashing messages on Twitter, WhatsApp, Instagram, and Facebook, or even changed their screenname to one which contained the symbol.
The symbol, which I won’t repeat here for fear of crashing readers’ apps (trust me.. while writing this article I managed to bork my browser once at twice), can cause iPhones, iPads, Apple Watches and even Apple TV devices to endlessly reboot themselves if received in a notification. If you’re curious there’s a good write-up about it on Mozilla engineer Manish Goregaokar’s blog.
One security researcher demonstrated that it was possible to make macOS network applications crash by creating a Wi-Fi hotspot which included the offending symbol.
Yet another security researcher reported that he had changed his Uber name to the symbol. When he requested a ride, he effectively denial-of-serviced drivers in his area.
Which I’m sure is very funny… if you’re not an Uber driving attempting to earn an honest living.
By Friday evening, Twitter was clearly fed up enough with the abuse that it began to filter out messages using the character:
“This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action right now. Please try again later.”
A good step by them, but the only real solution is for Apple to patch its operating systems.
Apple customers have had plenty of encounters with text bombs in the past.
For instance, in 2013 it was found that Macs and iPhones could be crashed by a simple string of Arabic characters, and in 2015 an attack dubbed “Effective Power” saw a sequence of characters allow mischief-makers to remotely reboot iPhones.
And just last month, a malicious link known as the “ChaiOS bug” was found to be capable of crashing devices running iOS and macOS.
Apple rolled out patches for these past vulnerabilities, and it has been confirmed that this latest text bomb has already been fixed in the current beta versions of iOS, macOS, watchOS, and tvOS. So, if you are unable to delete the offending messages, you have a choice – either wait for the next update to iOS or borrow your friend’s Android smartphone.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 28, 2021