Beware! A new bug can crash iOS and macOS with a single text message

Resist the temptation to send this text bomb to anyone.

Beware! A new bug can crash iOS and macOS with a single text message

Be careful what you click on.

Abraham Masri, a Twitter user with the rather wonderful handle of @cheesecakeufo, has shared publicly a malicious link that is capable of crashing iOS and macOS when received through Apple’s Messages app.

The link, which I’m only going to reproduce here as an image, points to a GitHub page.

Chaios tweet

Clicking on the link can cause your Messages application to crash on iOS and Mac devices, and you may find other peculiar behaviour occurs such as being returned to your lock screen.

It turns out that there’s some pretty funky-looking code on that webpage.

Webpage code

Something about the so-called ChaiOS bug’s code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash.

Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.

Readers with long memories will recall that Apple users have been bedevilled by text bomb vulnerabilities like this in the past.

For instance, in 2013 it was found that Macs and iPhones could be crashed by a simple string of Arabic characters, and in 2015 an attack dubbed “Effective Power” saw a sequence of characters allow mischief-makers to remotely reboot iPhones.

Don’t be surprised if Apple rolls out a security update in the near future to fix this latest example of a text bomb. And please please don’t be tempted to try the text bomb attack out on anyone else - you’re not being funny, you’re just being a jerk.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security podcasts"

Latest episodes:

, , , ,

4 Responses

  1. lol

    January 17, 2018 at 10:02 pm #

    any known fix for macOS?

  2. MattLeH

    January 18, 2018 at 5:19 pm #

    Even if it is just a crashed device… the recipient is going to know who sent it.… so you wouldn’t be popular if you did.…

    .…at least my Windows 10 Phone isn’t effected (dying breath.…..)

    • coyote in reply to MattLeH.

      January 18, 2018 at 11:34 pm #

      It’s also possible that the crash takes over before they can see. That can happen in software (whether it would happen here or not I don’t know nor do I really care).

  3. coyote

    January 18, 2018 at 11:34 pm #

    Your last sentence is much too kind. It’s much more than being a jerk. Of course you could try it on yourself… it’s sort of tempting but I don’t think I will. Unfortunately many would be more than happy to send this type of thing to people whether it’s revenge or just trying to be funny. But that’s simply mankind at play and nothing will change that fact I fear.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.