Malicious Video Link Can Cause Any iOS Device To Freeze (9to5mac.com) 53
A new bug in iOS has surfaced that will cause any iOS device to freeze when trying to view a certain .mp4 video in Safari. YouTube channel EverythingApplePro explains the bug in a video titled "This Video Will CRASH ANY iPhone!" 9to5Mac reports: As you'll see in the video below from EverythingApplePro, viewing a certain video in Safari will cause iOS to essentially overload and gradually become unusable. We won't link the infectious video here for obvious reasons, but you can take our word for it when we say that it really does render your device unusable. It's not apparently clear as to why this happens. The likely reason is that it's simply a corrupted video that's some sort of memory leak and when played, iOS isn't sure how to properly handle it, but there's like more to it than that. Because of the nature of the flaw, it isn't specific to a certain iOS build. As you can see in the video below, playing the video on an iPhone running as far back as iOS 5 will cause the device to freeze and become unusable. Interestingly, with iOS 10.2 beta 3, if you let an iPhone affected by the bug sit there for long enough, it will power off and indefinitely display the spinning wheel that you normally see during the shutdown process. If someone sends you the malicious link and you fall for it, this is luckily a pretty easy problem to fix. All you have to do is hard reboot your device. For any iPhone but the iPhone 7, this can be done by long-pressing the power and Home buttons at the same time. The iPhone 7, of course, uses a new non-mechanical Home button. In order to reboot an iPhone 7, you must long-press the power button and volume down button at the same time.
Re: (Score:1)
Where is the internal testing, quality control, bug reports, basic app security?
In house OS, hardware, tools, testing... the very best staff.
QA (Score:2)
Sure, all you have to do is test absolutely every combination of HTML, CSS, JavaScript, SVG, and MP4 streaming configuration you could ever possibly conceive of.
Keep in mind, the MP4 spec is... extensive:
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:1)
Its not mp4. Based on ffmpeg's output it looks like there is a case where they aren't doing bounds checking correctly in the H.264 decoder.
Re: (Score:1)
or just load IOS 10 (Score:2)
or just load IOS 10... my iPhone 5S freezes all the time now.
Re: (Score:2)
Re: or just load IOS 10 (Score:3)
Re:And you can't remove the battery to restart (Score:4, Insightful)
What's great is that you don't need to remove the battery to restart it.
Is that actually a thing? Are there phones that require you to open them up and take out the battery to do a simple hard reset?
Re: (Score:2)
What's great is that you don't need to remove the battery to restart it.
Is that actually a thing? Are there phones that require you to open them up and take out the battery to do a simple hard reset?
It's not really a thing, but in many devices taking the battery out is much faster than holding down a set combination of buttons for quite a long time and hoping no one bumps you along the way.
Plus there's nothing like being 100% sure.
Re: (Score:2)
Personally I don't think that less than 5 seconds from holding down the two buttons to the phone starting its shutdown sequence is quite a long time.
Also.. if you can't go 5 seconds without someone bumping you so hard that you can't keep your fingers on two buttons then I shudder to think what's going to happen to the cover and battery when you are bumped.
Re: (Score:2)
Personally I don't think that less than 5 seconds from holding down the two buttons to the phone starting its shutdown sequence is quite a long time.
I wouldn't either, but then my phone doesn't do anything if you hold down a few buttons for 5 seconds.
Re: (Score:2)
I don't follow. on any iPhone if you hold the sleep/power button along with the home (or volume down for iPhone 7).. your phone will shut down -- no matter what it's doing or if it's crashed.
No need to do anything fancy or open anything up and hope that someone doesn't knock the battery out of your hand.
Re: (Score:2)
I didn't realise we were limiting the discussion to just iPhones. Yeah on the iPhone's 5 second hard reset still applies. That said I have seen a device before where its hard reset routines did nothing and a battery pullout was the only option. An LG device from a few years back. I hope Apple get it right when they remove their last physical button.
Re: (Score:2)
It's not really a thing, but in many devices taking the battery out is much faster than holding down a set combination of buttons for quite a long time and hoping no one bumps you along the way.
If "taking the battery out is much faster than holding down a set combination of buttons for 'quite a long time' " (for values of `quite long`of a few seconds), then accidentally removing your battery is an actual possibility.
Re: (Score:2)
Errr no. One has nothing to do with the other. I can remove a GoPro from it's underwater case in under half a second despite a wonderful dual latching system that makes inadvertent opening almost impossible.
Likewise I can get my phone's battery out in about 2-3 seconds and yet it has never fallen out on its own accord, even the several times it's been dropped and shot across the room (no idea how my screen hasn't cracked yet).
Re: (Score:2)
Re: (Score:2)
Press and hold the upper right button and the home button simultaneously for a few seconds.
Re: (Score:2)
Apple didn't seem to anticipate the touchscreen being unresponsive in a crash
Yes they did.
The hard reset is holding down power and home (or volume down in the case of the iPhone 7) for a few seconds. No touch screen interaction is required.. the phone just reboots.
link to video (Score:3, Informative)
this is the link to the video [vk.com] that will crash apple products. Share with all your iFiends. ;)
Re: (Score:2, Funny)
Sent from my iPhone
Re: (Score:2)
Wasn't malicious, we were a commercial data processing sho
Re: (Score:2)
You, Sir, were having too much fun.
Video Memory leak? (Score:2)
it's simply a corrupted video that's some sort of memory leak
Maybe is the browser/player/library to have a memory leak triggered and exploited by means of a specially crafted video file!
ah!
Re: (Score:2)
Apparently you think the only two smart phones in existence are the iPhone and the Galaxy Note 7. Boy are you in for a surprise if you ever crawl out of your basement and actually visit a store that sells cell phones.
Fine then, so what do you prefer? (Score:2)
Apparently you think the only two smart phones in existence are the iPhone and the Galaxy Note 7. Boy are you in for a surprise if you ever crawl out of your basement and actually visit a store that sells cell phones.
To freeze or to still be vulnerable after more than a year? [techrepublic.com]
If it's a memory leak.... (Score:2)
Why doesn't this affect all types of computers? Why doesn't it affect Android, Mac OS, Windows, and Linux? Why *just* IOS? That doesn't make sense, there must be something unique about IOS where it doesn't handle video as well as other OS's....
Re: (Score:2)
Easy, it's a standard, so there are many implementations of it. It's why the Stagefright bugs don't affect iOS - you're trying to test against a different implementation that has a different way of doing things.
And maybe it does affect Android, but the way Stagefright