How to Fix the 'Black Dot' Unicode Bug Crashing iMessage

[MacRumors]

Yet another Unicode bug has been discovered that is capable of crashing apps and operating systems, ranging from WhatsApp on Android to iMessage on iOS. We won't share the exact string, to prevent it from spreading further, but it includes black dot (⚫&#xfe0f and pointing left (&#x1f448 emojis plus other hidden characters.

Simply put, this particular Unicode string cannot be rendered properly and leads to system crashing. In general, when the bug affects iMessage, the issue can be resolved by deleting the conversation containing the problematic message. The following steps work on iPhone 6s and newer, excluding the iPhone SE:

• Force close the Messages app.
  Ask Siri to send a reply to the sender of the message so that the Unicode string is no longer the most recent bubble in the conversation.
  3D Touch on the Messages app icon from the home screen and tap New Message in the menu that pops open.
  Tap on Cancel in the top-right corner of the New Message screen.
  Tap on Edit in the top-left corner of the conversation list.
  Tap the circle to the left of the conversation containing the problematic message. A blue checkmark will appear.
  Tap on Delete in the bottom-right corner.

If you have an iPhone with Siri but not 3D Touch, ranging from the iPhone 4s to the iPhone 6 Plus, and iPhone SE, the steps are slightly different:

• Force close the Messages app.
  Ask Siri to send a reply to the sender of the message as many times as necessary until the bubble containing the Unicode string is bumped off the visible part of the conversation.
  Open the Messages app.
  Tap on the back arrow in the top-left corner to return to the conversation list.
  Tap on Edit in the top-left corner of the conversation list.
  Tap the circle to the left of the conversation containing the problematic message. A blue checkmark will appear.
  Tap on Delete in the bottom-right corner.

It may also be possible to delete the problematic message on another device running the iOS 11.4 or macOS 10.13.5 betas via Messages on iCloud.

While this latest Unicode bug was discovered last week, it is only now beginning to receive widespread attention in the Apple community, after it was highlighted on a few popular YouTube channels. We've elected not to provide any links, but the specific string is easily Google-able for those interested.

The bug affects both iOS 11.3 and iOS 11.4 beta, and many other software versions, platforms, and devices. Apple has yet to issue a fix, but it will likely release software updates to address the problem soon.

Article Link: How to Fix the 'Black Dot' Unicode Bug Crashing iMessage

 

[497902]

Or just use another messaging app.

 

[nfl46]

At this point, just throw the whole iOS 11 out the window! It was a compete dumpster fire.

 

[err404]

Or just use another messaging app.

It’s an OS issue. Any app displaying this string will crash.

 

[TimUSCA]

Or just use another messaging app.

iMessage is the best messaging platform though, especially from a security standpoint. Glitches happen sometimes. The better solution is to wait for the fix (which is usually fast) and not have terrible friends who would send this to you to begin with.

 

[err404]

At this point, just throw the whole iOS 11 out the window! It was a compete dumpster fire.

The article says that Android is also impacted…

 

[amaze1499]

85% of the readers will try to reproduce the bug right after they read the article. 100% succeeded.

 

[carlsson]

Maybe an easier solution: Delete the actual message from Messages on your Mac.

 

[ArtOfWarfare]

I'd love to hear a technical explanation for why these issues keep coming up.

Since it impacts both Android and iOS, I assume this is something low-lying in a common library for handling Unicode? What exactly is that doing which ends up with such bad results when it messes up... and like... couldn't you write some unit tests which just generate hundreds of millions of random strings to throw at that function during testing?

 

[carlsson]

At this point, just throw the whole iOS 11 out the window! It was a compete dumpster fire.

According to the artice it affects Android as well.

Maybe we shall throw all smartphones out the window?

 

[ArtOfWarfare]

Maybe an easier solution: Delete the actual message from Messages on your Mac.

Article says it impacts Android as well as iOS, which suggests this is some very low level, very common library for handling unicode that likely impacts Mac and Windows as well.

When I write code, I just stay the heck away from unicode and stick with ASCII... millions of characters and trillions of two character combos, which go into millions of trillions of three character combos... just way too many edge cases that could go catastrophically wrong.

Of course, Apple doesn't have that luxury. They're making a messaging app for end users around the planet - it can't just ignore the massive issue of handling unicode.

 

[497902]

iMessage is the best messaging platform though, especially from a security standpoint. Glitches happen sometimes. The better solution is to wait for the fix (which is usually fast) and not have terrible friends who would send this to you to begin with.

I’m pretty sure it doesn’t compete with Signal from a security standpoint.

 

[Arty6]

Or just use another messaging app.

At this point, just throw the whole iOS 11 out the window! It was a compete dumpster fire.

Yet another Unicode bug has been discovered that is capable of crashing apps and operating systems, ranging from WhatsApp on Android to iMessage on iOS. We won't share the exact string, to prevent it from spreading further, but it includes "black dot" and "pointing left" emojis and other characters.

Literally the first paragraph in the article people. Take the time to read the article before posting your hate messages.

 

[Yvan256]

iPhone 4 with iOS 7 here, immune to this problem.

 

[JustMartin]

I'd love to hear a technical explanation for why these issues keep coming up.

Since it impacts both Android and iOS, I assume this is something low-lying in a common library for handling Unicode? What exactly is that doing which ends up with such bad results when it messes up... and like... couldn't you write some unit tests which just generate hundreds of millions of random strings to throw at that function during testing?

There's some interesting background on the Telugu bug - https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/ but that one seems to be constrained to Apple software and is related to two letters joining to make a third. I suspect this one is rather more mundane and probably some kind of 0 length string issue.

 

[whooleytoo]

How long is the string in question?

Given the ease with which these bugs can be sent to others, could they run an automated test covering the entire Unicode character set? Obviously if the bug requires a multiple character string it becomes significantly more difficult to achieve full test coverage.

 

[MJLyco]

I'd love to hear a technical explanation for why these issues keep coming up.

Since it impacts both Android and iOS, I assume this is something low-lying in a common library for handling Unicode? What exactly is that doing which ends up with such bad results when it messes up... and like... couldn't you write some unit tests which just generate hundreds of millions of random strings to throw at that function during testing?

 

[JustMartin]

So, if this is the same issue as the Android one, then it's not like the Telugu bug, which was a legitimate character string that was failing, but something designed deliberately to crash a renderer by embedding thousands of control characters within a message. But, if that's the case and that you can't crash messages by simply sending a black spot and a pointing emoji to someone, then how does it propagate?

 

[yanksfan114]

I’m pretty sure it doesn’t compete with Signal from a security standpoint.

True but both offer end to end encryption by default nonetheless and iMessage is baked into iOS. The hardest hurdle for messaging apps is getting people to use them.

 

[Altis]

The black spot!

 

[bb9]

At this point, just throw the whole iOS 11 out the window! It was a compete dumpster fire.

You can do better - sent your phone to me instead. I promise to torture your phone everyday so you can feel satisfaction.

 

[nt5672]

I'd love to hear a technical explanation for why these issues keep coming up. . . . .

I have no direct experience with how Apple does it internally, but the icu publishes library code that is notoriously buggy and is used in a lot of systems and software. See http://site.icu-project.org/.

Edit:
I looked up the latest ICU release for March 26, 2018 and they tested against Xcode 8.3 (LLVM clang 8.1.0). Xcode 9 was released what June 2017 almost a year ago.

 

[fairuz]

Sigh. At what point will there be an arbitrary code injection attack via emojis?

 

[Porco]

Seeing as this keeps happening, it feels like Apple should give us a way to turn off rendering of messages whilst retaining the ability to delete them (e.g. just display the time of the message being received but not the actual message content - then we could know what to delete without it having to render the problematic string). Would that work?

It might be nice to have an option to collapse messages into a time/date stamp anyway, regardless of it being a way to get around these bugs.

 

[fairuz]

I’m pretty sure it doesn’t compete with Signal from a security standpoint.

Depends what kind of security you're talking about. Security against receiving unwanted messages, maybe. I've never used Signal, so idk. Btw, iMessage is supposedly end-to-end encrypted with a key Apple never holds, but there's no reason to believe the claim.