Unicode bug allows you to crash anyone's iPhone, Apple Watch, iPad, or OS X

Has your Apple product been crashing after receiving a weird text message lately? If so, you might be the victim of a recently discovered denial of service attack that appears to impact the entire range of Apple products, from iPhones and iPads, to the Apple Watch, and even OS X.

A redditor by the name of aus10_t8um first posted about the vulnerability, and the community identified the cause: The devices can't handle a specially crafted message, so the entire system crashes when the message is rendered. Initially the attack seemed to only be focused on iPhones, but some experimentation showed that the bug is present in all Apple products. For those who are curious, the unicode can be found on Pastebin and is shown below:

The Register did a good job explaining how the vulnerability is executed, and states that disabling lock screen notifications is a good, albeit inconvenient, way to help prevent your phone from automatically crashing.

Currently the attack seems to only cause the mobile device to reboot, but it's possible a more sophisticated attack could execute code outside of an expected range, resulting in an escalation of privileges. Luckily, for now it looks like the most common attack is simply people pranking their friends. Apple is aware of the issue and are working on a fix.

Source: Reddit via The Guardian and The Register | Shattered iPhone image courtesy of Shutterstock

Report a problem with article
boxes
Next Article

TechSpot: PC Buying Guide Machines Built and Benchmarked

1_devices-hero_620px
Previous Article

First Look at Android M Developer Preview

42 Comments - Add comment

Advertisement