An bug in the way Apple's iOS renders Arabic text makes it possible to crash an iPhone, iPad, iPod touch or Apple Watch simply by sending a specific string of characters in a message sent by iMessage or SMS, The Guardian reports.
When the incoming text message is displayed as a notification on the device's lock screen, iOS shortens the text with an ellipsis. If the ellipsis is in the middle of a specific series of non-Latin characters rendered in unicode, the system crashes and the iOS device reboots.
MDSec principal security consultant Matthew Hickey told Forbes that the flaw could be leveraged to launch a denial of service attack. "As the issue also affects OS X applications, a malicious party could set the triggering text as a server message of the day or welcome message, causing a user’s terminal to crash when authenticating to network services," he said.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"An attacker could also prevent an OS X user from accessing the console until a fix is available by placing the triggering text in key system file locations," Hickey added.
Apple responded to the flaw by publishing a support page that states, "Apple is aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update."
Until the update is released, Apple advises taking the following steps to re-open the Messages app:
- Ask Siri to "read unread messages."
- Use Siri to reply to the malicious message. After you reply, you'll be able to open Messages again.
- If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread.
Rapid7 security engineering manager Tod Beardsley pointed out to eSecurity Planet by email that the flaw isn't the first text processing denial of service bug to hit Apple devices -- another unicode flaw in 2013 had a similar impact. "That denial of service earned a swift fix from Apple at the time, due to it being quite reliable," he said.
"This new issue is less effective, in that it often requires several attempts, and Apple has published a workaround, so this situation isn't as dire as the last," Beardsley added. "Unicode processing bugs are nearly always caused by buffer overflows, but this issue doesn't look exploitable beyond merely crashing the target device."