Chicago based software developer has discovered a security vulnerability in iOS and macOS that is capable of crashing or freezing your iPhone, iPad or Mac.
The software developer, Abraham Masri discovered the bug and posted it to GitHub on Tuesday afternoon, warning the people “not to use it for bad stuff.” In no time, the link went viral all over social media. This malicious link, named as “chaiOS”, is sent through the Apple’s messaging app. On clicking the link, it redirects to a page stored on GitHub and then opens several megabytes of text containing Unicode cascading accent marks, that ultimately overloads the iOS or macOS and crashes the recipient’s iPhone, iPad or Mac devices. It deletes all the messages on the device and makes the Messaging App unusable. However, your other personal data is not affected.
Users have reported that the device either freezes, crashes, restarts or resprings, that takes about 10 seconds, redirecting you to the lock screen. Notably, Masri told the BuzzFeed News that he discovered the bug while he was “fuzzing with the operating system,” which meant that he was trying to enter some random characters into the internal code for the operating system so that he could break it.
A Twitter user, @aaronp613, tested the bug and said that after the link is sent, the device will freeze for few minutes and then it resprings. And after that, the Messaging app won’t load any messages and will crash. He said that the bug effects iOS versions through 11.2.5 beta 5.
Masri said, ” My intention is not to do bad things. My main purpose was to reach out to Apple and say, ‘Hey, you’ve been ignoring my bug reports.’ I always report the bug before releasing something.”His post was deleted from GitHub and his account as suspended for several hours after the incident had occurred. But by then, the link was copied and shared on social media. This means that all the Apple devices are still at risk.
A Computer Security Expert, Graham Cluley wrote, ” Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash. Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.”
He added, ” Please don’t be tempted to try the text bomb attack out on anyone else – you’re not being funny, you’re just being a jerk.”
The only solution for this is to currently quit the Messages App on iOS and Mac, backup all the messages and delete entire message thread to restore functionality. Apple has looked into the matter and confirmed that it is releasing a software update to fix it.
Pranksters! Refrain from sending it on.