A bug that is capable of crashing iOS and macOS on Apple devices with just a single message has been discovered.
Software developer Abraham Masri shared a malicious link on Twitter which, if sent via Apple's Messages app, can crash or restart a device, slow down Safari browsers and drain battery levels, even if the person receiving the message doesn't actually click on the link.
Masri later added that he reported the bug to Apple before releasing it publicly, and Apple has yet to comment on the security flaw.
"The bug I released was to get @Apple's attention," Masri wrote. "It's just an html file. @Github always hosted jailbreaks (even .ipa files) that might've included malware. I don't understand why you'd ban my account. Btw, I always report bugs before releasing them."
The bug I released was to get @Apple's attention. It's just an html file.@Github always hosted jailbreaks (even .ipa files) that might've included malware. I don't understand why you'd ban my account.- Abraham Masri (@cheesecakeufo) January 17, 2018
Btw, I always report bugs before releasing them.
After releasing the malicious link, a few social media users responded to the post, reporting that it had affected their phones:
ok I sent it to myself on my Mac and now my messages app wont open even after force quitting lol- Amit Kalra (@AMITNKALRA) January 17, 2018
My phone phone just became useless, it froze and after the respring all my apps didn’t open, I didn’t get no error message and no Siri ether- Makasu (@ImMakasu) January 17, 2018
It broke my my friends phone even the way to fix the iMessage it still does not work- kimo moreno (@Tramp_god2k16) January 17, 2018
Masri later deleted the malicious code after it did the rounds on social media, disabling the 'text bomb' attack and vowing that he wasn't going to re-upload it.
"No, I'm not going to re-upload it," he said. "I made my point. Apple needs to take such bugs more seriously."
No, I'm not going to re-upload it. I made my point. Apple needs to take such bugs more seriously.- Abraham Masri (@cheesecakeufo) January 17, 2018
Although being on the receiving end of the attack is a nuisance, it doesn't actually pose any major security risks, like data being stolen or hackers being able to access your files, according to security expert Graham Cluley.
News of the text bomb bug follows a few weeks after Apple confirmed that all of its devices were at risk of a security threat from Spectre and the worryingly-titled Meltdown.
It's not the first time that Apple has had security flaws pointed out to it either, as back in 2015 a jailbreaker exposed a flaw that could leave Macs open to malware intrusion, while a year later Apple fixed another security bug that allowed anyone access to locked iPhones' contacts.
More recently, the tech giant admitted at the end of last year that it was deliberately slowing down the operating systems on older handsets and later apologised for 'letting users down'.
You Might Also Like