
Hey Siri, can you help me get access to my texts again after that strange message I received consisting of non-Latin characters crashed my iPhone? In advance of a software update to fix the bug, yes it can.
Apple has published a temporary workaround for iOS users affected by the bug, which was found to affect iPhones earlier in the week, and subsequently revealed to be capable of affecting the Apple Watch, iPads and Macs.
In a new article published on its support website, Apple outlined a three-step process, enabling people to open their Messages app again:
- Ask Siri to “read unread messages”.
- Use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again.
- In Messages, swipe left to delete the entire thread. Or tap and hold the malicious message, tap More, and delete the message from the thread.
The booby-trapped text message presented characters – including those from Arabic, Chinese and Marathi – in a specific sequence that choked Apple’s CoreText system, crashing the recipient’s device and leaving them unable to access their messages.
Pranksters seized upon the message to crash friends’ iPhones, but security experts have warned that this kind of bug has the potential to be used for more malicious purposes in the future.
“Programming errors in Unicode decoding and rendering will produce more errors like this, some of which may be exploitable to access elevated privilege levels on devices,” said Ken Simpson, chief executive of email security company MailChannels – although he noted that such an exploit had not yet been developed.
SMS exploits are not a new trend, however. In 2009, two cybersecurity researchers uncovered loopholes that enabled them to hack in to iPhones by sending a series of text messages, with Apple patching the vulnerability that July.
Apple plans to fix the current messaging bug without the need for Siri soon. “Apple is aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update,” explained its support page.
No comments:
Post a Comment