Text Exploit Crashes OS X 10.8 and iOS 6 Apps

[MacRumors]

An exploit that causes both Macs and iOS devices to crash was discovered yesterday, reports 9to5Mac. A specific sequence of Arabic characters causes an error that will crash any application that uses the WebKit engine in either Mountain Lion (OS X 10.8) or iOS 6.

When sent via text message, iMessage, Messages, or typed in Safari, the sequence of characters will cause apps to crash.

This bug does not work on any other operating systems and does not allow anyone else to access your computer remotely because of it, but being a recipient (or even sender) of these characters may make your Messages app unusable, cause Safari/Chrome to crash, or not allow for scanning of SSIDs (if the string is broadcasting as a Wifi network name).

Apple has fixed the exploit in both iOS 7 and Mavericks (OS X 10.9), which means people running those operating systems are not vulnerable. All other users can be affected by the issue, which has apparently existed for more than six months.

Article Link: Text Exploit Crashes OS X 10.8 and iOS 6 Apps

 

[H2SO4]

How do people even find stuff like this???

 

[centauratlas]

Can you paste the text in here for us to see.

 

[nagromme]

Can you paste the text in here for us to see.

If you even see a screenshot, you will die in seven days

 

[old-wiz]

If you even see a screenshot, you will die in seven days

And all of your Macs will turn into Dells.

 

[unplugme71]

And all of your Macs will turn into Dells.

not possible, our hardware is better quality to begin with

 

[H2SO4]

Can you paste the text in here for us to see.

Now that, is extremely funny.

 

[spazzcat]

This seems like a bug then an exploit? If you could then access a users computer or phone then it would be an exploit?

 

[wackymacky]

A bug yes, but a big one. How long to some sicko with a spambot sends out millions of emails containing it. Perhaps Samsung or Microsoft will include it on there web pages.

A large percent of mac, and the majority of iOS users won't know what hit them!

 

[TheRainKing]

A bug yes, but a big one. How long to some sicko with a spambot sends out millions of emails containing it. Perhaps Samsung or Microsoft will include it on there web pages.

A late percent of mac, and the majority of iOS users won't know what hit them!

This. Apple should release an update for 10.8 users and iOS 6 users.

 

[Porco]

Apple has fixed the exploit in both iOS 7 and Mavericks (OS X 10.9), which means people running those operating systems are not vulnerable. All other users can be affected by the issue, which has apparently existed for more than six months.

All users of OS X 10.8 and iOS 6 you mean? That screenshot seems to indicate earlier versions of OS X and iOS are not affected either, doesn't it?

 

[FirstNTenderbit]

/buys roll of foil

/makes foil hat

/logs into MR to make post

Apple will not fix this vulnerability because they want to increase the adoption rate of Mavericks and iOS7

/wraps iPad in foil

 

[blesscheese]

/buys roll of foil

/makes foil hat

/logs into MR to make post

Apple will not fix this vulnerability because they want to increase the adoption rate of Mavericks and iOS7

/wraps iPad in foil

One certainly gets the impression from this that they have already stopped supporting 10.8!

 

[FirstNTenderbit]

One certainly gets the impression from this that they have already stopped supporting 10.8!

Ars Technica is having fun with it. They intentionally entered it into their Ars IRC and everyone on OSX was immediately kicked.

One thing of note: There were a few Ars posters who stated the bug didn't affect their rMBP's. Not sure if true but Ars is taking a whimsical approach to the news.

My hope is no one, under the guise of "Hey wouldn't this be funny?", decides to do anything malicious with this.

 

[benthewraith]

The bug for me seems to be intermittent. Sometimes it crashes, sometimes it doesn't.

 

[whooleytoo]

If only we could find a character string that works on all platforms, then THAT'S what I'm calling my second child.

(My first child obviously being called: "'; drop table Users --")

 

[centauratlas]

There are now two examples in the thread now that you quoted the one you replied to!

How long until it is posted in the Apple support forum area?

 

[petsounds]

FWIW, Firefox does not crash - they must be using their own text engine. Safari and Chrome do.

My bigger question is, why is this not a front-page story, while a story about (what is basically an ad for) SimCity is?

 

[bkribbs]

Well it certainly works. That's a pain.

 

[blesscheese]

Ars Technica is having fun with it. They intentionally entered it into their Ars IRC and everyone on OSX was immediately kicked.

One thing of note: There were a few Ars posters who stated the bug didn't affect their rMBP's. Not sure if true but Ars is taking a whimsical approach to the news.

My hope is no one, under the guise of "Hey wouldn't this be funny?", decides to do anything malicious with this.

I'm still running Snow Leopard 10.6.8! So, no ill effects on my end.

I was (literally!) just about to upgrade to 10.8, right before 10.9 came out, with the idea that all the bugs had been ironed out of 10.8, and I'll "pay to be a beta tester of 10.9" later.

But with this going on? Sheesh...

 

[runeapple]

Interestingly if you write the string as a caption for a snapchat image it doesn't crash the recipients iOS6 device. I tried sending from iOS7 to my iOS6 device, most other things crash, all iOS browsers, Mail, iMessage, Facebook, Twitter etc...

 

[Zaqfalcon]

I'd be interested to know what the English translation for those characters is. @FirstNTenderbit, may I borrow your foil hat please?

 

[mrgraff]

I'd be interested to know what the English translation for those characters is. @FirstNTenderbit, may I borrow your foil hat please?

At ArsTechnica, there's a screenshot of the characters with a web address that you can go to see them yourself. The translation (according to http://translate.google.com) is purely a string of nonsense.

 

[ghostface147]

FWIW, Firefox does not crash - they must be using their own text engine. Safari and Chrome do.

Must be a webkit thing. Firefox uses gecko.

 

[ampfonseca]

Must be a webkit thing. Firefox uses gecko.

Nop, its a coretext thing. Try to send a iMessage with that string.

If you look at crash report you see that coretext was the last thing being executed in the thread.