Sign up to our newsletter
An exploit has been discovered that causes iPhones and iPads to reboot when sent a string of malicious text.
The bug was found on Reddit, reports 9to5Mac, but the exploit has since been confirmed by Apple. If the offending 75-byte sequence of unicode characters are sent via a text message, and appear on a user’s iPhone lockscreen, the device will crash and reboot.
The string of unicode characters is not something that could be typed in accidentally, as it contains a mixture of English words and Arabic characters. The Register explains that this exploit functions by forcing CoreText to try and access memory that is invalid. The operating system then tries to close the program running – but in the case of this particular exploit, as the notifications screen is a core part of iOS, viewing the text on the lockscreen forces the device to reboot.
Disabling lock screen notifications will prevent the message from affecting your phone, if you are yet to receive the message, until Apple releases a full fix for the exploit.
Some users who have received the message report no longer being able to access Messages. However, others have reported that sending a photograph to the offending contact via the Photos app allows them to regain access and delete the offending text message.
The bug can also force Apple Watches to crash if users attempt to reply to the message using Siri, and Forbes reports that the same exploit can be used in Apple Macs. It is harder to exploit there, but the article suggests that using the unicode as a ‘server message of the day’ or a ‘welcome message’ would cause the machine to crash when authenticating to network servers.
“We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update,” an Apple spokesperson told The Guardian.
Author Alan Martin, ESET