ChaiOS Text Bomb Bug Crashes iOS Messages App And Freezes iPhones

Apple has faced a number of embarrassing security mishaps over the past few months, with most of them affecting macOS. However, iOS is not immune to annoying glitches as witnessed by the latest chaiOS bug. Software developer Abraham Masri first discovered the exploit, which affects iOS devices, and can cause them to freeze, respring or reboot.
ios messages iPhone

The exploit is made possible by the fact that the Messages app in iOS preloads website links, which allows the app to show users a preview. However, this has the unwelcome side effect of executing code that could otherwise be harmful to the operating system.

In this case, Masri created a webpage on Github that had its metadata overloaded with hundreds of thousands of unnecessary characters. This causes iOS to panic, and repeatedly crashes the Messages app. “The device will freeze for a few minutes," Masri told BuzzFeed. "Then, most of the time, it resprings."

While Masri's proof-of-concept webpage was originally hosted on GitHub, the site has since taken down the page and his account was temporarily suspended (it has since been reinstated). “My intention is not to do bad things," said Masri. "My main purpose was to reach out to Apple and say, ‘Hey, you’ve been ignoring my bug reports.’ I always report the bug before releasing something.”

It's also possible for chaiOS to wreak havoc with macOS, as there are reports of it crashing the Safari web browser.

"Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files," added security researcher Graham Cluley. "Readers with long memories will recall that Apple users have been bedeviled by text bomb vulnerabilities like this in the past."


Via:  BuzzFeed News
Show comments blog comments powered by Disqus