Text Exploit Crashes OS X 10.8 and iOS 6 Apps

Discussion in 'Mac Blog Discussion' started by MacRumors, Aug 29, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    An exploit that causes both Macs and iOS devices to crash was discovered yesterday, reports 9to5Mac. A specific sequence of Arabic characters causes an error that will crash any application that uses the WebKit engine in either Mountain Lion (OS X 10.8) or iOS 6.

    When sent via text message, iMessage, Messages, or typed in Safari, the sequence of characters will cause apps to crash.

    [​IMG]
    Apple has fixed the exploit in both iOS 7 and Mavericks (OS X 10.9), which means people running those operating systems are not vulnerable. All other users can be affected by the issue, which has apparently existed for more than six months.

    Article Link: Text Exploit Crashes OS X 10.8 and iOS 6 Apps
     
  2. macrumors 68000

    Joined:
    Nov 4, 2008
  3. macrumors 6502a

    Joined:
    Jan 29, 2003
    Location:
    Florida
    #3
    Can you paste the text in here for us to see.

    :D:D
     
  4. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #4
    If you even see a screenshot, you will die in seven days :eek:
     
  5. macrumors 604

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #5
    And all of your Macs will turn into Dells.
     
  6. macrumors 68020

    Joined:
    May 20, 2011
    Location:
    Earth
    #6
    not possible, our hardware is better quality to begin with
     
  7. macrumors 68000

    Joined:
    Nov 4, 2008
    #7
    Now that, is extremely funny.
     
  8. macrumors 68000

    spazzcat

    Joined:
    Jun 29, 2007
    #8
    This seems like a bug then an exploit? If you could then access a users computer or phone then it would be an exploit?
     
  9. wackymacky, Aug 29, 2013
    Last edited: Aug 29, 2013

    macrumors 65816

    wackymacky

    #9
    A bug yes, but a big one. How long to some sicko with a spambot sends out millions of emails containing it. Perhaps Samsung or Microsoft will include it on there web pages.

    A large percent of mac, and the majority of iOS users won't know what hit them!
     
  10. macrumors 6502a

    TheRainKing

    Joined:
    Jun 11, 2012
    #10
    This. Apple should release an update for 10.8 users and iOS 6 users.
     
  11. macrumors 68000

    Porco

    Joined:
    Mar 28, 2005
    #11
    All users of OS X 10.8 and iOS 6 you mean? That screenshot seems to indicate earlier versions of OS X and iOS are not affected either, doesn't it?
     
  12. macrumors 6502

    FirstNTenderbit

    Joined:
    Jan 15, 2013
    Location:
    Atlanta
    #12
    /buys roll of foil

    /makes foil hat

    /logs into MR to make post


    Apple will not fix this vulnerability because they want to increase the adoption rate of Mavericks and iOS7

    /wraps iPad in foil
     
  13. macrumors 6502a

    blesscheese

    Joined:
    Apr 3, 2010
    Location:
    Central CA
    #13
    One certainly gets the impression from this that they have already stopped supporting 10.8!
     
  14. macrumors 6502

    FirstNTenderbit

    Joined:
    Jan 15, 2013
    Location:
    Atlanta
    #14
    Ars Technica is having fun with it. They intentionally entered it into their Ars IRC and everyone on OSX was immediately kicked.

    One thing of note: There were a few Ars posters who stated the bug didn't affect their rMBP's. Not sure if true but Ars is taking a whimsical approach to the news.

    My hope is no one, under the guise of "Hey wouldn't this be funny?", decides to do anything malicious with this.
     
  15. macrumors 68030

    benthewraith

    Joined:
    May 27, 2006
    Location:
    Miami, FL
    #15
    The bug for me seems to be intermittent. Sometimes it crashes, sometimes it doesn't.
     
  16. macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #16
    If only we could find a character string that works on all platforms, then THAT'S what I'm calling my second child.

    (My first child obviously being called: "'; drop table Users --")
     
  17. centauratlas, Aug 29, 2013
    Last edited by a moderator: Aug 30, 2013

    macrumors 6502a

    Joined:
    Jan 29, 2003
    Location:
    Florida
    #17
    There are now two examples in the thread now that you quoted the one you replied to!

    How long until it is posted in the Apple support forum area?
     
  18. macrumors 65816

    Joined:
    Jun 30, 2007
    #18
    FWIW, Firefox does not crash - they must be using their own text engine. Safari and Chrome do.

    My bigger question is, why is this not a front-page story, while a story about (what is basically an ad for) SimCity is?
     
  19. macrumors 65816

    Joined:
    Jan 15, 2012
  20. macrumors 6502a

    blesscheese

    Joined:
    Apr 3, 2010
    Location:
    Central CA
    #20
    I'm still running Snow Leopard 10.6.8! So, no ill effects on my end.

    I was (literally!) just about to upgrade to 10.8, right before 10.9 came out, with the idea that all the bugs had been ironed out of 10.8, and I'll "pay to be a beta tester of 10.9" later.

    But with this going on? Sheesh...
     
  21. macrumors 6502

    Joined:
    Mar 5, 2010
    #21
    Interestingly if you write the string as a caption for a snapchat image it doesn't crash the recipients iOS6 device. I tried sending from iOS7 to my iOS6 device, most other things crash, all iOS browsers, Mail, iMessage, Facebook, Twitter etc...
     
  22. macrumors regular

    Joined:
    Mar 22, 2010
    #22
    I'd be interested to know what the English translation for those characters is. @FirstNTenderbit, may I borrow your foil hat please?
     
  23. macrumors 6502a

    mrgraff

    Joined:
    Apr 18, 2010
    Location:
    Albuquerque
    #23
    At ArsTechnica, there's a screenshot of the characters with a web address that you can go to see them yourself. The translation (according to http://translate.google.com) is purely a string of nonsense.
     
  24. macrumors 68000

    ghostface147

    Joined:
    May 28, 2008
    #24
    Must be a webkit thing. Firefox uses gecko.
     
  25. macrumors newbie

    Joined:
    Aug 29, 2013
    #25
    Nop, its a coretext thing. Try to send a iMessage with that string.

    If you look at crash report you see that coretext was the last thing being executed in the thread.
     

Share This Page