Masses consider Apple products as the most durable and secure ones but a software developer has proven that iPhones are not as secure as the firm claims. The man has discovered a new bug within iOS that causes iPhones and Macs to crash if they receive a message containing a specific website link.
Abraham Masri is the man who posted a link on his twitter handle, naming the flaw as “ChaiOS” or “Text Bomb” (as the most tech blogs are referring to). The link leads to a website that Masri has created himself containing hundreds of thousands of unnecessary characters within its metadata. The malicious code once entered can crash or re-start the Apple device. The bug also slows down Safari browser and drains battery levels too fast.
👋 Effective Power is back, baby!— Abraham Masri (@cheesecakeufo) January 16, 2018
Text the link below, it will freeze the recipient's device, and possibly restart it. https://t.co/Ln93XN51Kq
⚠️ Do not use it for bad stuff.
thanks to @aaronp613 @garnerlogan65 @lepidusdev @brensalsa for testing!
If you're getting a 404, use this link: https://t.co/vs7cK12sRR— Abraham Masri (@cheesecakeufo) January 16, 2018
Copy it as is. Do not open it in Safari.
Again, please don't use it for bad stuff.
In order to proof his claim, Masri published the malicious code on a publicly accessible repository, called GitHub. However, sooner he decided to delete the code after hundreds began retweeting and discussing plans to spread it online. “I made my point. Apple need to take such bugs more seriously.” – he wrote to his followers.
The bug I released was to get @Apple's attention. It's just an html file.@Github always hosted jailbreaks (even .ipa files) that might've included malware. I don't understand why you'd ban my account.— Abraham Masri (@cheesecakeufo) January 17, 2018
Btw, I always report bugs before releasing them.
Is there Any Risk to Your Apple Product?
The nature of the link means that it is not necessary for people to click on it for it to cause issues with their device. However, Masri added in the post: “Do not use it for bad stuff.” Meanwhile, security researchers have noted that despite the bug’s name, it is relatively harmless to iPhone and Mac users and is most useful as a way of “pranking” contacts. While the bug could be incredibly irritating if abused, it does not present a security risk to customers.
Graham Cluley, a cyber-security expert said in a blog post:
Something about the so-called ChaiOS bug’s code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is crash. Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.
How to Prevent from Text Bomb?
As mentioned above, it is possible that the bug can prevent an iPhone user from running messages on the device or even cause a crash or re-start. Even though, it is possible to avoid the situation and fix the issue by one of the following ways:
- Delete the thread that the link was sent in
- Reset the iPhone to factory settings
- Block the domain of the site hosting the link
Apple to Pull Up Socks!
It is not the first time a developer has discovered a software bug that causes iPhones to crash simply as a result of receiving a text message. YouTube channel ‘Everything Apple Pro’ shared details about a crash message bug last year that caused iPads and iPhones running iOS 10.1 or below to crash. The four-character message allowed people to freeze Apple devices of their contacts running the older mobile operating system.
The host of the YouTube channel said:
It’s almost scary how much power it puts in your hand. You can literally send a text message to any iPhone user on iOS 10 right now, it doesn’t matter if it’s Obama, it doesn’t matter if it’s your best friend…as soon as they receive this text on their phone, their phone will immediately hang, freeze and crash.
Apple has to worry and take advanced measures to stop such bugs in future. If we look into the history, there is a long list of such bugs discovered time to time forcing Apple to release bug-fixes in its operating system. Last week a Mac password flaw allowed anyone to change device preferences in the AppStore. Likewise, Apple was also forced to issue a fix for a separate password bug that allowed anyone access to a Mac by typing the username “root”, late last year.
Back in 2015, an iMessage bug caused iPhones to crash if they received a text with the words “effective. Power,” followed by a number of illegible characters. A year later, another “iPhone killer” was on the loose, this time in the form of a short mp.4 clip that showed a woman standing by a bed with the word “honey” written on the screen. The affected device getting slow and eventually shutting down.
What do you think about Apple’s security? Do they need to beef it up? Post your views in the Comment Section below.