Text Exploit Crashes OS X 10.8 and iOS 6 Apps - MacRumors Forums
Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Aug 29, 2013, 12:31 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Text Exploit Crashes OS X 10.8 and iOS 6 Apps




An exploit that causes both Macs and iOS devices to crash was discovered yesterday, reports 9to5Mac. A specific sequence of Arabic characters causes an error that will crash any application that uses the WebKit engine in either Mountain Lion (OS X 10.8) or iOS 6.

When sent via text message, iMessage, Messages, or typed in Safari, the sequence of characters will cause apps to crash.

Quote:
This bug does not work on any other operating systems and does not allow anyone else to access your computer remotely because of it, but being a recipient (or even sender) of these characters may make your Messages app unusable, cause Safari/Chrome to crash, or not allow for scanning of SSIDs (if the string is broadcasting as a Wifi network name).
Apple has fixed the exploit in both iOS 7 and Mavericks (OS X 10.9), which means people running those operating systems are not vulnerable. All other users can be affected by the issue, which has apparently existed for more than six months.

Article Link: Text Exploit Crashes OS X 10.8 and iOS 6 Apps
MacRumors is offline   0 Reply With Quote
Old Aug 29, 2013, 12:44 PM   #2
H2SO4
macrumors 6502a
 
Join Date: Nov 2008
How do people even find stuff like this???
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   5 Reply With Quote
Old Aug 29, 2013, 12:50 PM   #3
centauratlas
macrumors 6502a
 
Join Date: Jan 2003
Location: Florida
Can you paste the text in here for us to see.

centauratlas is offline   6 Reply With Quote
Old Aug 29, 2013, 12:55 PM   #4
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by centauratlas View Post
Can you paste the text in here for us to see.

If you even see a screenshot, you will die in seven days
nagromme is offline   6 Reply With Quote
Old Aug 29, 2013, 01:03 PM   #5
old-wiz
macrumors 604
 
Join Date: Mar 2008
Location: West Suburban Boston Ma
Quote:
Originally Posted by nagromme View Post
If you even see a screenshot, you will die in seven days
And all of your Macs will turn into Dells.
old-wiz is offline   3 Reply With Quote
Old Aug 29, 2013, 01:04 PM   #6
unplugme71
macrumors 65816
 
Join Date: May 2011
Quote:
Originally Posted by old-wiz View Post
And all of your Macs will turn into Dells.
not possible, our hardware is better quality to begin with
unplugme71 is offline   0 Reply With Quote
Old Aug 29, 2013, 01:14 PM   #7
H2SO4
macrumors 6502a
 
Join Date: Nov 2008
Quote:
Originally Posted by centauratlas View Post
Can you paste the text in here for us to see.

Now that, is extremely funny.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   0 Reply With Quote
Old Aug 29, 2013, 01:24 PM   #8
spazzcat
macrumors 68000
 
spazzcat's Avatar
 
Join Date: Jun 2007
This seems like a bug then an exploit? If you could then access a users computer or phone then it would be an exploit?
spazzcat is offline   5 Reply With Quote
Old Aug 29, 2013, 01:34 PM   #9
wackymacky
macrumors 65816
 
wackymacky's Avatar
 
Join Date: Sep 2007
Location: sent to 17.019528,-25.06721 for the next 6 weeks for my sins
A bug yes, but a big one. How long to some sicko with a spambot sends out millions of emails containing it. Perhaps Samsung or Microsoft will include it on there web pages.

A large percent of mac, and the majority of iOS users won't know what hit them!

Last edited by wackymacky; Aug 29, 2013 at 02:50 PM.
wackymacky is offline   3 Reply With Quote
Old Aug 29, 2013, 01:43 PM   #10
TheRainKing
macrumors 6502a
 
Join Date: Jun 2012
Quote:
Originally Posted by wackymacky View Post
A bug yes, but a big one. How long to some sicko with a spambot sends out millions of emails containing it. Perhaps Samsung or Microsoft will include it on there web pages.

A late percent of mac, and the majority of iOS users won't know what hit them!
This. Apple should release an update for 10.8 users and iOS 6 users.
TheRainKing is offline   1 Reply With Quote
Old Aug 29, 2013, 02:00 PM   #11
Porco
macrumors 68000
 
Porco's Avatar
 
Join Date: Mar 2005
Quote:
Originally Posted by MacRumors View Post
Apple has fixed the exploit in both iOS 7 and Mavericks (OS X 10.9), which means people running those operating systems are not vulnerable. All other users can be affected by the issue, which has apparently existed for more than six months.
All users of OS X 10.8 and iOS 6 you mean? That screenshot seems to indicate earlier versions of OS X and iOS are not affected either, doesn't it?
__________________
I really wish Apple would use the option key a little more, and the command key a little less.
*soundcloud/fdporco*
Porco is offline   0 Reply With Quote
Old Aug 29, 2013, 02:07 PM   #12
FirstNTenderbit
macrumors 6502
 
Join Date: Jan 2013
Location: Atlanta
/buys roll of foil

/makes foil hat

/logs into MR to make post


Apple will not fix this vulnerability because they want to increase the adoption rate of Mavericks and iOS7

/wraps iPad in foil
__________________
I'm a big fan of good tech. I don't really care who makes it.
FirstNTenderbit is offline   3 Reply With Quote
Old Aug 29, 2013, 02:27 PM   #13
blesscheese
macrumors 6502
 
Join Date: Apr 2010
Location: Central CA
Quote:
Originally Posted by FirstNTenderbit View Post
/buys roll of foil

/makes foil hat

/logs into MR to make post


Apple will not fix this vulnerability because they want to increase the adoption rate of Mavericks and iOS7

/wraps iPad in foil
One certainly gets the impression from this that they have already stopped supporting 10.8!
blesscheese is offline   0 Reply With Quote
Old Aug 29, 2013, 02:43 PM   #14
FirstNTenderbit
macrumors 6502
 
Join Date: Jan 2013
Location: Atlanta
Quote:
Originally Posted by blesscheese View Post
One certainly gets the impression from this that they have already stopped supporting 10.8!
Ars Technica is having fun with it. They intentionally entered it into their Ars IRC and everyone on OSX was immediately kicked.

One thing of note: There were a few Ars posters who stated the bug didn't affect their rMBP's. Not sure if true but Ars is taking a whimsical approach to the news.

My hope is no one, under the guise of "Hey wouldn't this be funny?", decides to do anything malicious with this.
__________________
I'm a big fan of good tech. I don't really care who makes it.
FirstNTenderbit is offline   0 Reply With Quote
Old Aug 29, 2013, 02:55 PM   #15
benthewraith
macrumors 68030
 
benthewraith's Avatar
 
Join Date: May 2006
Location: Miami, FL
Send a message via AIM to benthewraith Send a message via MSN to benthewraith
The bug for me seems to be intermittent. Sometimes it crashes, sometimes it doesn't.
benthewraith is online now   0 Reply With Quote
Old Aug 29, 2013, 03:17 PM   #16
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
If only we could find a character string that works on all platforms, then THAT'S what I'm calling my second child.

(My first child obviously being called: "'; drop table Users --")
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Aug 29, 2013, 03:28 PM   #17
centauratlas
macrumors 6502a
 
Join Date: Jan 2003
Location: Florida
There are now two examples in the thread now that you quoted the one you replied to!

How long until it is posted in the Apple support forum area?

Last edited by maflynn; Aug 30, 2013 at 12:02 PM. Reason: Removed deleted post from quote
centauratlas is offline   0 Reply With Quote
Old Aug 29, 2013, 03:34 PM   #18
petsounds
macrumors 6502a
 
Join Date: Jun 2007
FWIW, Firefox does not crash - they must be using their own text engine. Safari and Chrome do.

My bigger question is, why is this not a front-page story, while a story about (what is basically an ad for) SimCity is?
petsounds is offline   5 Reply With Quote
Old Aug 29, 2013, 03:38 PM   #19
bkribbs
macrumors 65816
 
Join Date: Jan 2012
Well it certainly works. That's a pain.
bkribbs is offline   0 Reply With Quote
Old Aug 29, 2013, 03:48 PM   #20
blesscheese
macrumors 6502
 
Join Date: Apr 2010
Location: Central CA
Quote:
Originally Posted by FirstNTenderbit View Post
Ars Technica is having fun with it. They intentionally entered it into their Ars IRC and everyone on OSX was immediately kicked.

One thing of note: There were a few Ars posters who stated the bug didn't affect their rMBP's. Not sure if true but Ars is taking a whimsical approach to the news.

My hope is no one, under the guise of "Hey wouldn't this be funny?", decides to do anything malicious with this.
I'm still running Snow Leopard 10.6.8! So, no ill effects on my end.

I was (literally!) just about to upgrade to 10.8, right before 10.9 came out, with the idea that all the bugs had been ironed out of 10.8, and I'll "pay to be a beta tester of 10.9" later.

But with this going on? Sheesh...
blesscheese is offline   1 Reply With Quote
Old Aug 29, 2013, 04:22 PM   #21
runeapple
macrumors 6502
 
Join Date: Mar 2010
Interestingly if you write the string as a caption for a snapchat image it doesn't crash the recipients iOS6 device. I tried sending from iOS7 to my iOS6 device, most other things crash, all iOS browsers, Mail, iMessage, Facebook, Twitter etc...
runeapple is offline   0 Reply With Quote
Old Aug 29, 2013, 04:28 PM   #22
Zaqfalcon
macrumors regular
 
Join Date: Mar 2010
I'd be interested to know what the English translation for those characters is. @FirstNTenderbit, may I borrow your foil hat please?
Zaqfalcon is offline   0 Reply With Quote
Old Aug 29, 2013, 04:49 PM   #23
mrgraff
macrumors 6502a
 
mrgraff's Avatar
 
Join Date: Apr 2010
Location: Albuquerque
Quote:
Originally Posted by Zaqfalcon View Post
I'd be interested to know what the English translation for those characters is. @FirstNTenderbit, may I borrow your foil hat please?
At ArsTechnica, there's a screenshot of the characters with a web address that you can go to see them yourself. The translation (according to http://translate.google.com) is purely a string of nonsense.
mrgraff is offline   0 Reply With Quote
Old Aug 29, 2013, 04:54 PM   #24
ghostface147
macrumors 65816
 
Join Date: May 2008
Quote:
Originally Posted by petsounds View Post
FWIW, Firefox does not crash - they must be using their own text engine. Safari and Chrome do.
Must be a webkit thing. Firefox uses gecko.
ghostface147 is offline   0 Reply With Quote
Old Aug 29, 2013, 05:20 PM   #25
ampfonseca
macrumors newbie
 
Join Date: Aug 2013
Quote:
Originally Posted by ghostface147 View Post
Must be a webkit thing. Firefox uses gecko.
Nop, its a coretext thing. Try to send a iMessage with that string.

If you look at crash report you see that coretext was the last thing being executed in the thread.
ampfonseca is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iOS 8 with Watch Utility, Text Edit, HealthBook, and Preview apps aziatiklover iOS 7 9 Apr 20, 2014 04:58 AM
General: [LOOKING FOR TESTER] Possiable iOS SHSH blob exploit! JaguarLover101 Jailbreaks and iOS Hacks 7 Jan 14, 2014 04:29 PM

Forum Jump

All times are GMT -5. The time now is 06:55 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC