An exploit publicly announced yesterday (picture of source page available here – won’t force a crash) shows how a string of Arabic characters can crash applications in OS X 10.8 and iOS 6. The upcoming Apple operating systems, iOS 7 and OS X 10.9, have fixed the bug, but Apple was supposedly notified about this bug six months ago and still has not issued a fix for the current public operating systems.
Jailbreakers are already working to patch the bug over until Apple releases a full fix:
I have a fully working patch that unfortunately applies only in MobileSafari. The more general fix I came up with is not a clean solution.—
Filippo Bigarella (@FilippoBiga) August 29, 2013
This bug does not work on any other operating systems and does not allow anyone else to access your computer remotely because of it, but being a recipient (or even sender) of these characters may make your Messages app unusable, cause Safari/Chrome to crash, or not allow for scanning of SSIDs (if the string is broadcasted as a Wifi network name).
Back in 2009, iOS 3.0 was vulnerable to an SMS bug that allowed others to remotely execute code on the recipients’ phone. The 3.0.1 update introduced a patch.
Hopefully Apple will be pushing out a security fix in the near future to make sure this exploit doesn’t get too far.
Update: A jailbreak fix has been released that fixes apps that cannot be opened due to the exploit. The patch has not been tested or verified by us and may cause other issues when browsing.
WebCore ‘dumb’ patch to avoid crashes with today’s malicious character sequence: github.com/FilippoBiga/Gl… (deb available under “release” tab)—
Filippo Bigarella (@FilippoBiga) August 29, 2013
You can install that to open the apps that are currently crashing due to that bug. It’s not a definitive solution, but it’ll do for now.—
Filippo Bigarella (@FilippoBiga) August 29, 2013
Check out 9to5Mac for more breaking coverage of AAPL Company and exploit.
What do you think? Discuss "Text-based bug that crashes apps in OS X 10.8 & iOS 6 discovered, fixed in OS X 10.9 and iOS 7" with our community.