Be careful what you click on.
Abraham Masri, a Twitter user with the rather wonderful handle of @cheesecakeufo, has shared publicly a malicious link that is capable of crashing iOS and macOS when received through Apple’s Messages app.
The link, which I’m only going to reproduce here as an image, points to a GitHub page.
Clicking on the link can cause your Messages application to crash on iOS and Mac devices, and you may find other peculiar behaviour occurs such as being returned to your lock screen.
It turns out that there’s some pretty funky-looking code on that webpage.
Something about the so-called ChaiOS bug’s code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash.
Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.
Readers with long memories will recall that Apple users have been bedevilled by text bomb vulnerabilities like this in the past.
For instance, in 2013 it was found that Macs and iPhones could be crashed by a simple string of Arabic characters, and in 2015 an attack dubbed “Effective Power” saw a sequence of characters allow mischief-makers to remotely reboot iPhones.
Don’t be surprised if Apple rolls out a security update in the near future to fix this latest example of a text bomb. And please please don’t be tempted to try the text bomb attack out on anyone else – you’re not being funny, you’re just being a jerk.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.