This vCard Exploit Can Kill Any iPhone's Messages App Permanently

A hacker has discovered a way to permanently disable the built-in Messages app on any Apple device running iOS 8 through iOS 10. That pretty much covers every iPhone handset and iPad tablet out there, including the recently released iPhone 7 and iPhone 7 Plus, save for models that are woefully outdated for whatever reason. Just as frightening, the sinister exploit is rather simple to pull off.

iPhone Hacked

The exploit involves sending a bloated vCard, or virtual business card, which are used to share contacts on mobile phones. A hacker who goes by the name Vincedes3 found that sending a vCard laced with thousands of lines of code can overwhelm the Messages app to the point where it ends up in a crash loop. Specifically, the malicious vCard he created contains 14,281 lines of code, much more than the average, which is usually just a few hundred lines.

When Messages opens the vCard, it freaks out at the mountain of code and freezes up. Normally when an app freezes, manually shutting it down and restarting will fix things, or a system reboot might be in order. That does not work here because Apple designed Messages to always attempt to reopen its most recent message. In this case, that would be the malicious vCard.


Luckily there is a fix that does not involve restoring the device from a previous backup or resetting it altogether. Vincedes3 created a fix for anyone unfortunate enough to fall prey to this attack. All a user has to do is open this URL on the iPhone or iPad that is caught in a Messages crash loop and that will replace the most recent text with one that Messages is able to load.

Vincedes3 says the fix does not always work on all iPad devices. If that is the case, another fix to try is to ask Siri to send a message to the affected device.

This is the latest in what is becoming a growing number of exploits in iOS that can freeze the device or one of its apps. Back in November of last year, Vincedes3 demonstrated how to paralyze an iPhone and force a system reboot simply by sending a link to a short video. Apple devices that viewed the video would slowly become unresponsive, making it difficult for victims to figure out what caused their handset to crash.

Moral of the story? Be wary of any texts you receive.

Via:  Vincedes3
Show comments blog comments powered by Disqus