MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,528
15,251



A software update coming next week will fix an issue that allows a malicious link to freeze the Messages app on the iPhone and iPad, Apple confirmed to MacRumors this morning.

Apple is likely talking about iOS 11.2.5, which is nearing the end of the beta testing period. iOS 11.2.5 beta 6, as we discovered yesterday, does indeed address the issue and prevents the malicious link from working.

githubtextbug-800x308.jpg

We expect to see a final release of iOS 11.2.5 available next week alongside macOS High Sierra 10.13.3, watchOS 4.2.2, and tvOS 11.2.5.

The malicious link first surfaced on Tuesday after it was shared on Twitter. When texted to an iOS device, it is able to cause the Messages app on the iPhone or iPad to freeze up and become unusable. Macs are also affected, and we expect to see a Mac fix in macOS 10.13.3.

A user who receives the link will see their Messages app freeze entirely, and the fix appears to require users to quit out of the Messages app and then delete the entire conversation with the person who sent the link to restore the app to working condition.

The link initially went to a webpage on GitHub, but GitHub took it down on Wednesday, limiting its spread. Most users are not likely to be impacted at this point because the original link has been disabled, but if you do get a text with a bad link before iOS 11.2.5 is released, deleting the Messages conversation is a reliable fix.

Article Link: Apple Confirms Fix is Coming Next Week for Malicious Link That Freezes Messages App
 
  • Like
Reactions: teezy

mattburley7

macrumors 68040
Oct 13, 2011
3,405
693
I wonder how many more of these patterns are going to be found in the future. Seems like each time Apple is just patching for one case and people find the next case eventually.

PS: Are we getting message on iCloud and AirPlay 2 on iOS 11.2.5?

no we are not.. 11.3 maybe?
 

npmacuser5

macrumors 65816
Apr 10, 2015
1,385
1,536
I wonder how many more of these patterns are going to be found in the future. Seems like each time Apple is just patching for one case and people find the next case eventually.

PS: Are we getting message on iCloud and AirPlay 2 on iOS 11.2.5?

Thousands....Apple and others, doing too many changes in too short a time frame. Each year it gets worse. The problems the sloppy coding cause are a headache enough, then add the hours of users time to implement the patches. I have 7 IOS and Mac OS products. Updating just these few costs me at a minimum 1 tp 2 hours each time. Multiply that times the number of Apple products worldwide, a significant cost in loss of productivity in time and a Monies. Apple needs to be more sensitive to our time and costs.
 

jav6454

macrumors P6
Nov 14, 2007
17,138
2,215
1 Geostationary Tower Plaza
That is not a text message... it is Zalgo!!! ZA͡L̢GƠ ͠is not goi̶ng ͞t҉o͞ ͘te̛ll͜ ̀y͞ou ̴w̵ha̡t͡ ZALG͏Ó ͢i̢s, for ҉Z̧AL͟GO͘ i͘s̸ not. Z̸A̴LG͝O̕ is ̢ǹot͏ à g͡o͞od҉ t̨hin͠g͘.͜ ̵ ҉Z͜A̢L̕GO͢ ҉is̸ no͟t͏ /̀x/ ̵o̡r ̛S̀A.͠ ͏ ZAL͡GO͘ ͡is͞ n̷o̧t ̢u̕nt̸i̴l̵ the e͟n̵d̀ ͜o̷f ̵days̀.͜ ̷ ̵ ̷He̕ W͞ai͞t͞s͡ ͡Be͜h̵ind

1200x630bb.jpg
 

macduke

macrumors G4
Jun 27, 2007
11,583
15,904
Central U.S.
Sometimes websites will have a popup saying your device is hacked and it locks up Safari on iOS. I think it uses javascript and even ad blockers don't stop it. They need to fix that. It's pretty rare that it happens, but it's still really annoying. I wish ad networks would stop these sorts of ads from seeping through, but it's fairly clear that they don't care about users.
 

zachcsnyder

macrumors member
Jul 23, 2014
55
116
Here’s hoping they fix the other prolific bug of messages freezing or crashing a couple times per day on days when the sky is blue
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,234
5,293
I hope the person that posted the link to Github faces consequences of that action.

Hmmm... that is an interesting point... normally with these viral messages that disable the Messages app, there's no great way of tracking it back to whoever started it.

In this case though, it seems like GitHub probably has the ability to identify who uploaded the content to their website...

There is still a question of what the person really intended, though. Was it a security person who meant to just share it with Apple, but someone else leaked a link, for example? You could argue that the person should have used a private account on GitHub, but GitHub charges for private accounts while public ones are free.
 
  • Like
Reactions: FightTheFuture
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.