in

New iPhone text-bomb bug: Just receiving this Sindhi character notification crashes iPhones

iOS 13.4.1, the latest version of Apple’s mobile OS, will crash if an iPhone or iPad merely receives an app notification with a particular string of characters in the Sindhi language. 

The latest ‘text bomb’ bug has the potential to cause widespread problems for iOS users because the crash can be triggered by a notification from any app, including Messages, WhatsApp, and also social-media apps like Twitter, which means it can affect thousands of users simultaneously. 

SEE: 10 tips for new cybersecurity pros (free PDF)    

9to5Mac reports that the crash-inducing characters have been going viral on Twitter and that it appears to have originally been shared on a Telegram group. 

The original message that caused the crash contained an Italian flag emoji and Sindhi characters. However, EverythingApplePro demonstrated the Italian flag wasn’t necessary to crash the latest version of iOS. After receiving a notification from a prankster, the iPhone freezes, can’t be turned off, and will eventually crash. 

The text-crash bug is reminiscent of the ‘Effective Power’ bug from 2015. However, that only spread through the Messages app and caused the iPhone to crash. It relied on a string of Arabic characters. Apple at the time noted it was an iMessage issue caused by a series of Unicode characters.    

Then in 2018, iPhone users were affected by text-bomb messages using characters in the Telugu language.  

The new text-crash bug reportedly doesn’t affect iOS 13.4.5 but that’s still in beta, so everyone else with the stable latest release is vulnerable and just needs to sit tight until Apple releases it or an interim update. iOS 13.4.5 is expected out in the next few weeks.

One mitigation is to turn off notifications until Apple releases a fix. Additionally, iPhones that do crash after receiving the notification can get back up and running after a reboot. Nonetheless, it could be an annoyance to iPhone owners if pranksters start spreading the message. 

Smartphones


Source: Information Technologies - zdnet.com

Apple disputes recent iOS zero-day claim

Security alert: 'Dramatic' increase in cyberattacks says WHO, after passwords leaked online