A newly-discovered bug infecting iOS and Apple Macs can allow pranksters crash your Apple devices by sending a simple text message, a security experts has revealed.
Using what is known as a ‘text bomb’, the attack comes in the form of a short link which, upon delivery, will “freeze the recipient’s device and possibly restart it”, explained Abraham Masri, the researcher who uncovered the flaw – dubbed ‘chaiOS’ – on Tuesday (16 January).
The expert, under the Twitter handle @cheesecakeufo, published the bug’s code to GitHub, a repository site used by programmers and ethical hackers.
“I found a (small) bug that causes device to freeze, respring, drains battery, and/or sometimes panic,” Masri tweeted. “No need to install anything. Just open, tap then paste.” He added a short, but necessary, disclaimer: “Do not use it for bad stuff.”
“Effective Power is back, baby!” he added, in reference to a 2015 bug which spread after Reddit users found non-Latin script sent via text could force iOS reboots.
In January 2017, a similar prank circulated online after YouTube channel EverythingApplePro publicised a flaw that crashed iPhones using only a flag and a rainbow emoji.
The bug was first discovered by French Apple developer Vincent Desmurs. Describing how it worked in a blog at the time (translated into English), he wrote: “When your victim clicks on the message, their Messages app will attempt to load a large amount of data.
“That causes the system to malfunction. The text in the file is too complicated for the system and causes a CPU [issue], freezing the app. If you close the app and try to reopen it, iOS will try to reload the previous message but can’t because it’s the same file [that] contains too much text for the system to handle properly.”
Luckily, while these pranks can be annoying they are unlikely to cause lasting damage.
Cybersecurity expert Graham Cluley said it is “more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files”.
In a blog post, he added: “Don’t be surprised if Apple rolls out a security update in the near future to fix this latest example of a text bomb. And please, please, don’t be tempted to try the text bomb attack out on anyone else – you’re not being funny, you’re just being a j**k.” – IBTimes