Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

PSA: New Character Bug in Messages Causing iOS Devices to Crash [Updated]

ArtOfWarfare said:
I know, that's Java and Apple would actually use Swift, but still, how hard can it possibly be to just not let the exception through?
Click to expand...

I'm pretty sure they're still using Objective-C in some of their apps, at least partially.
But anyways, even with good practices you still have bugs. What I find strage is that they still have the same kind of bug in Messages.
 
How does a specific text string crashes an app?

Analog Kid said:
Are any of the 32 million Sindhi people members of Mac Rumors? I’d love to know if that combination of characters has any meaning, or if it’s just a random combination that someone realized causes headaches...
Click to expand...

it seems to say "bad bad" or "evil evil", complements from Google Translate
 
ArtOfWarfare said:
How hard can it possibly be to just have something like:

Code: 
try {
    renderText();
} catch (Exception e) {
    renderUnprintable();
    reportToApple(e);
}


I know, that's Java and Apple would actually use Swift, but still, how hard can it possibly be to just not let the exception through?
Click to expand...

Maybe because the renderText function has a bug that doesn't throw an exception and instead cause other problems? No piece of software is perfect and processing text which has a million different variations from scratch is actually much harder than you might think.
 
  • Like
Reactions: I7guy
ArtOfWarfare said:
Just use Chaos Monkey or something and have it throw every possible combination of characters at it.
Click to expand...

There is no such thing as “every possible combination of characters“ when you’re dealing with Unicode.

Still, these kinds of bugs shouldn’t keep happening.
[automerge]1587742546[/automerge]
outskirtsofinfinity said:
It's better to develop a good systematic understanding of their own code and keep userspace strings from interfering with the kernel code (or whatever). Some computer languages make this a fairly easy task - they keep (and treat) strings as strings and do a great job compartmentalizing. It ain't rocket science.
Click to expand...

woah, there! AFAIK this doesn’t allow remote code execution or kernel privileges. It’s a crash (which is the correct and safe thing to do when the program enters an invalid state), and what happened with previous text bugs was that notifications and so on would be reloaded each time you started, causing a crash loop. It‘s a bug, but it is not a security vulnerability.
 
Last edited:
springsup said:
woah, there! AFAIK this doesn’t allow remote code execution or kernel privileges. It’s a crash (which is the correct and safe thing to do when the program enters an invalid state), and what happened with previous text bugs was that notifications and so on would be reloaded each time you started, causing a crash loop. It‘s a bug, but it is not a security vulnerability.
Click to expand...
I don‘t want to speak for someone else, but I think they were saying that a text sequence in an application should affect an app but not the system. This seems to bring down the whole OS, which no application should be able to do as a result of user input, even if it is built on system frameworks.
 
ArtOfWarfare said:
How hard can it possibly be to just have something like:

Code: 
try {
    renderText();
} catch (Exception e) {
    renderUnprintable();
    reportToApple(e);
}


I know, that's Java and Apple would actually use Swift, but still, how hard can it possibly be to just not let the exception through?
Click to expand...

As an iOS dev (not @ apple lol) -- the core part of iOS, most likely where notifications are handled and where the bug are occurring, are definitely not written in Swift. It's an extremely complex stitching of low/high-level software. Low level code, like C, doesn't have a concept of exceptions; code either accesses correct memory or incorrect memory, and if it does something wrong, it simply breaks, if the checks aren't robust enough.

My guess is that these specific set of characters passes a check at the high-level code (i.e., UI code that styles the incoming text) but fails a lower-level one. After the previous "effective power" bug from 2015, you can bet Apple traced it down and patched what they could. Just seems like there was somewhere else that the first bug didn't quite hit.

For more info, see Tom Scott's great video on the "effective power" bug here:
 
riverfreak said:
I really wish Apple would treat your contact list as a whitelist and treat everything else as spam, both calls and messages. Heck, I’d even extend that to email, too.
Click to expand...

These features exist already. You can turn them on in phone and message settings.

Edit: Just saw that this has already been mentioned twice in this thread... oh well.
 
ArtOfWarfare said:
How hard can it possibly be to just have something like:

Code: 
try {
    renderText();
} catch (Exception e) {
    renderUnprintable();
    reportToApple(e);
}


I know, that's Java and Apple would actually use Swift, but still, how hard can it possibly be to just not let the exception through?
Click to expand...

Probably because the underlying framework, CoreText, is surprisingly low-level and probably written in C. I’m guessing that these more complicated bugs don’t just throw an exception, they might instead trigger undefined behavior. If that’s the case, your solution wouldn’t work. I think Apple is trying to move the text rendering to a separate thread which could crash without much ado.
 
These are so interesting to me - both in terms of how they happen, and how they're discovered lol.
 
  • Like
Reactions: I7guy
adnbek said:
These features exist already. You can turn them on in phone and message settings.

Edit: Just saw that this has already been mentioned twice in this thread... oh well.
Click to expand...

sure. Except that it doesn’t work. I receive calls from people I don’t know constantly. I receive messages from people and companies I don’t know on a daily basis. A few of them end up in the “Unknown Senders” list. But that’s not good enough. I don’t want these people contacting me at all. When they ring or message my number I either want the call to ring indefinitely without notifying me — ever — or I want the messages to bounce as recipient unknown.
 
  • Like
Reactions: I7guy
riverfreak said:
sure. Except that it doesn’t work. I receive calls from people I don’t know constantly. I receive messages from people and companies I don’t know on a daily basis. A few of them end up in the “Unknown Senders” list. But that’s not good enough. I don’t want these people contacting me at all. When they ring or message my number I either want the call to ring indefinitely without notifying me — ever — or I want the messages to bounce as recipient unknown.
Click to expand...

If they are not in your contacts I don’t see how these two filters don’t work 100%. It should... I’ve never had a call from anyone outside of my contacts since I enabled the feature, it always goes straight to voicemail. Always.

if “silence unknown contacts” is enabled I don’t see how a call outside of your contacts can still go through...
 
adnbek said:
If they are not in your contacts I don’t see how these two filters don’t work 100%. It should... I’ve never had a call from anyone outside of my contacts since I enabled the feature, it always goes straight to voicemail. Always.

if “silence unknown contacts” is enabled I don’t see how a call outside of your contacts can still go through...
Click to expand...
I think OP is saying they don't want unknown callers to even be able get through. No texts, imessage or voice mails.

That scenario won't work for me, but I read somewhere that Apple is implementing STIR/SHAKEN protocol and that protocol will help identify SPAM callers more precisely, but doesn't help with the legitimate unknown caller.
 
ArtOfWarfare said:
Right - this seems pretty easy to unit-test. Just use Chaos Monkey or something and have it throw every possible combination of characters at it.
Click to expand...
Man, I thought this level of "talking about things I've heard but I don't understand" was reserved for Pointy-Haired Bosses and Michael Scott.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back