Apple Confirms Fix is Coming Next Week for Malicious Link That Freezes Messages App

[MacRumors]

A software update coming next week will fix an issue that allows a malicious link to freeze the Messages app on the iPhone and iPad, Apple confirmed to MacRumors this morning.

Apple is likely talking about iOS 11.2.5, which is nearing the end of the beta testing period. iOS 11.2.5 beta 6, as we discovered yesterday, does indeed address the issue and prevents the malicious link from working.

We expect to see a final release of iOS 11.2.5 available next week alongside macOS High Sierra 10.13.3, watchOS 4.2.2, and tvOS 11.2.5.

The malicious link first surfaced on Tuesday after it was shared on Twitter. When texted to an iOS device, it is able to cause the Messages app on the iPhone or iPad to freeze up and become unusable. Macs are also affected, and we expect to see a Mac fix in macOS 10.13.3.

A user who receives the link will see their Messages app freeze entirely, and the fix appears to require users to quit out of the Messages app and then delete the entire conversation with the person who sent the link to restore the app to working condition.

The link initially went to a webpage on GitHub, but GitHub took it down on Wednesday, limiting its spread. Most users are not likely to be impacted at this point because the original link has been disabled, but if you do get a text with a bad link before iOS 11.2.5 is released, deleting the Messages conversation is a reliable fix.

Article Link: Apple Confirms Fix is Coming Next Week for Malicious Link That Freezes Messages App

 

[coolfactor]

I hope the person that posted the link to Github faces consequences of that action.

 

[Tech198]

And how can you delete a message if the app is frozen?

 

[tzm41]

I wonder how many more of these patterns are going to be found in the future. Seems like each time Apple is just patching for one case and people find the next case eventually.

PS: Are we getting message on iCloud and AirPlay 2 on iOS 11.2.5?

 

[justperry]

And how can you delete a message if the app is frozen?

Quit messages, relaunch, it will show the persons/chats you have, delete the affected person/chat, that's how I think it works.

 

[mattburley7]

I wonder how many more of these patterns are going to be found in the future. Seems like each time Apple is just patching for one case and people find the next case eventually.

PS: Are we getting message on iCloud and AirPlay 2 on iOS 11.2.5?

no we are not.. 11.3 maybe?

 

[tzm41]

no we are not.. 11.3 maybe?

They gotta ship AirPlay 2 before HomePod launches though, right? From yesterday's rumor HomePod launch is imminent.

 

[d5aqoëp]

The more complex iOS gets, the more we will see these nuisance bugs.

 

[mattburley7]

They gotta ship AirPlay 2 before HomePod launches though, right? From yesterday's rumor HomePod launch is imminent.

i think airplay2 is in 11.2.5 though. just not iCloud messages.

 

[BugeyeSTI]

Everythingapplepro latest YouTube video shows something similar:

 

[npmacuser5]

I wonder how many more of these patterns are going to be found in the future. Seems like each time Apple is just patching for one case and people find the next case eventually.

PS: Are we getting message on iCloud and AirPlay 2 on iOS 11.2.5?

Thousands....Apple and others, doing too many changes in too short a time frame. Each year it gets worse. The problems the sloppy coding cause are a headache enough, then add the hours of users time to implement the patches. I have 7 IOS and Mac OS products. Updating just these few costs me at a minimum 1 tp 2 hours each time. Multiply that times the number of Apple products worldwide, a significant cost in loss of productivity in time and a Monies. Apple needs to be more sensitive to our time and costs.

 

[jav6454]

That is not a text message... it is Zalgo!!! ZA͡L̢GƠ ͠is not goi̶ng ͞t҉o͞ ͘te̛ll͜ ̀y͞ou ̴w̵ha̡t͡ ZALG͏Ó ͢i̢s, for ҉Z̧AL͟GO͘ i͘s̸ not. Z̸A̴LG͝O̕ is ̢ǹot͏ à g͡o͞od҉ t̨hin͠g͘.͜ ̵ ҉Z͜A̢L̕GO͢ ҉is̸ no͟t͏ /̀x/ ̵o̡r ̛S̀A.͠ ͏ ZAL͡GO͘ ͡is͞ n̷o̧t ̢u̕nt̸i̴l̵ the e͟n̵d̀ ͜o̷f ̵days̀.͜ ̷ ̵ ̷He̕ W͞ai͞t͞s͡ ͡Be͜h̵ind

 

[RightMACatU]

Can I send this to my bank that owns my mortgage?

 

[justperry]

Everythingapplepro latest YouTube video shows something similar:

That video could be 1 minute long and still have all the information inside, keeps repeating himself.

 

[BMcCoy]

Remind me why we’re jumping from 11.2.2 to 11.2.5 ..?

 

[macduke]

Sometimes websites will have a popup saying your device is hacked and it locks up Safari on iOS. I think it uses javascript and even ad blockers don't stop it. They need to fix that. It's pretty rare that it happens, but it's still really annoying. I wish ad networks would stop these sorts of ads from seeping through, but it's fairly clear that they don't care about users.

 

[timborama]

Or Apple could just let me disable URL previews in messages. Utterly annoying “feature”.

 

[kemal]

Next week? Should have been Tuesday.

 

[BugeyeSTI]

That video could be 1 minute long and still have all the information inside, keeps repeating himself.

Agreed. I barely could make it through the whole thing

 

[zachcsnyder]

Here’s hoping they fix the other prolific bug of messages freezing or crashing a couple times per day on days when the sky is blue

 

[cmaier]

Remind me why we’re jumping from 11.2.2 to 11.2.5 ..?

Because of magic.

 

[Solver]

It is very possible that this fix will be released as iOS 11.2.3

 

[FightTheFuture]

Agreed. I barely could make it through the whole thing

Pretty scary stuff seeing it in action though. I do wonder how the iPhone that sent the message doesn't freeze too.

 

[BugeyeSTI]

Pretty scary stuff seeing it in action though. I do wonder how the iPhone that sent the message doesn't freeze too.

You’d figure instead of releasing this crap to the public where it will cause havoc, they would contact Apple with the exploit and try and get some type of bounty so it can be patched.

 

[ArtOfWarfare]

I hope the person that posted the link to Github faces consequences of that action.

Hmmm... that is an interesting point... normally with these viral messages that disable the Messages app, there's no great way of tracking it back to whoever started it.

In this case though, it seems like GitHub probably has the ability to identify who uploaded the content to their website...

There is still a question of what the person really intended, though. Was it a security person who meant to just share it with Apple, but someone else leaked a link, for example? You could argue that the person should have used a private account on GitHub, but GitHub charges for private accounts while public ones are free.