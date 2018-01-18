'Text Bomb' Is Latest Apple Bug (bbc.com) 47
An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.
I usually love seeing such bugs in action. Anyone can point us to the video?
This seems underrated to me. Maybe ditching the CEO is going a bit too far, but they definitely need to get serious about software QA.
The Messages app's default behavior has it load a preview of the linked-to content, hence why the linked-to content can—and in this case did—cause problems.
Anyway, previews can be toggled on or off in settings, it's possible to delete the offending messages via settings if Messages becomes inaccessible, and messages from unknown senders are by default shunted into a separate section in Messages from those sent by contacts, so the issue was always going to be minimal in scope and impact. Even so,
Even so, it's nice to see that they were able to accomplish some initial mitigation prior to the full fix coming next week.
It's not "nice", it's a bare minimum.
The bug itself is understandable -- the space of all possible Unicode text strings is infinite, and the behavior of a universal text renderer is more subtle than most programmers would imagine. I think most programmers would be susceptible to not handling every use case in every language correctly.
What's disconcerting is that the fault appears to crash the entire OS, not just the one buggy application. Shouldn't memory protection and process segmentation prevent that?
Its all part of building on search features https://www.wired.com/2014/10/... [wired.com] (10.20.14)
Slowdowns? (Score:2)
Oh so you mean like the stagefright bug for android?
Had this on an old Nokia phone (Score:4, Informative)
Some text messages would reliably cause the phone to reboot on delivery of the message.
This would cause an almost endless reboot cycle, until the server gave up attempting to deliver the text message (around 10-20 reboots).
Unicode! (Score:2)
