'Text Bomb' Is Latest Apple Bug

An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.

Where's the video?

[bogaboga]

causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them.

I usually love seeing such bugs in action. Anyone can point us to the video?

Re:Where's the video?

[FFOMelchior]

Hopefully Computerphile does a vid on it. They did a great one on Effective Power: https://www.youtube.com/watch?...

Replace CEO

Apple's got a real general malaise problem, lately. The fix is likely to replace the CEO and possibly other high-up executives because they've focused too much on other crap, and not on the core-business. If Tim Cook, (for example,) wants to be the CEO of a watch company, or a headphone company, let him go do that.

Apple is a computer company, even if they removed the word "computer" from their name. Of course this is merely my opinion, but I'll tell you this for sure: unless and until Apple shapes up its act, I am not buying any more Apple products, or products that only work with Apple products. If it comes to pass that I need a new computer and/or cellphone before Apple pulls its corporate head out of its corporate ass, I will switch to something else. (Case in point, I recently obtained an old MacBook that Apple has decided is obsolete, and put GNU/Linux on it, in preparation for doing the same with my iMac, which once I don't need it for my iPhone anymore, that will be it, and I will unApplify my life. I'll probably get a dumb-phone, and go back to the days when I navigated for myself, etc., and not rely on the increasingly unreliable kludgey crap coming from Apple nowadays.

Re:Replace CEO

[Narcocide]

This seems underrated to me. Maybe ditching the CEO is going a bit too far, but they definitely need to get serious about software QA.

Re:Replace CEO

Senior management need their arses kicked. Start at the top and work down. This tit is getting millions per year to sow the seeds of the company's demise.

Re: Replace CEO

What dumbass missed this insightful? The problem isn't the CEO. The issue is that modern systems are tremendously complex and despite best efforts bugs can and do still happen.

Re:Replace CEO

[Hal_Porter]

The free market demands a blood sacrifice in order for Apple to have expiation

Re: Replace CEO

I smell in you a low self esteem crapple apologist.

How does it feel to suck Tim Cock's cock, bitch?

Re:Replace CEO

[lucm]

once I don't need it for my iPhone anymore, that will be it, and I will unApplify my life. I'll probably get a dumb-phone, and go back to the days when I navigated for myself, etc., and not rely on the increasingly unreliable kludgey crap coming from Apple nowadays.

You don't need to switch to a dumb-phone to be free of Apple junkware. Do yourself a favor, try a Samsung S8 and discover what a great experience it can be to use a truly high-end smartphone, with a gorgeous screen, conveniently expandable storage and a headphone jack. The best part is that you can achieve that without bending over for another Big Brother, you can use excellent open-source software from F-Droid.

Re: Replace CEO

You sound like a poor person that can't afford an iPhone or even an ISIS phone... sorry Galaxy...

Re: Replace CEO

[tsa]

Not only software. Appleâ(TM)s hardware use to be worth the money but now itâ(TM)s overpriced and not as ergonomic and useful as it used to be. Thanks to it not being upgradable its cost per year and its impact on the environment has exploded too.

Re: Replace CEO

Only dumb people, poor people, women, and homosexuals use Apple products. The phone users with the highest reported debt are Apple users. Apple products are purchased with loans by dumb people, poor people, children, and mentally ill people. Apple products are for the dumb, poor, and mentally ill.

Re: Replace CEO

[Godwin+O'Hitler]

Their apostrophes were better in the olden days too.

Re: Replace CEO

[tsa]

See? Everything was better back then. :P

Re:Replace CEO

[mjwx]

Apple's got a real general malaise problem, lately. The fix is likely to replace the CEO and possibly other high-up executives because they've focused too much on other crap, and not on the core-business. If Tim Cook, (for example,) wants to be the CEO of a watch company, or a headphone company, let him go do that.

Apple is a computer company, even if they removed the word "computer" from their name. Of course this is merely my opinion, but I'll tell you this for sure: unless and until Apple shapes up its act, I am not buying any more Apple products, or products that only work with Apple products. If it comes to pass that I need a new computer and/or cellphone before Apple pulls its corporate head out of its corporate ass, I will switch to something else. (Case in point, I recently obtained an old MacBook that Apple has decided is obsolete, and put GNU/Linux on it, in preparation for doing the same with my iMac, which once I don't need it for my iPhone anymore, that will be it, and I will unApplify my life. I'll probably get a dumb-phone, and go back to the days when I navigated for myself, etc., and not rely on the increasingly unreliable kludgey crap coming from Apple nowadays.

I hate to be the one to break it to you, but Apple has been like that since the 2000's. They've just lost their cult of personality.

They've always produced unreliable, klugey crap but previously had good marketing and a legion of rabid fanboys to attack anyone suggesting it wasn't the best thing since Jesus made pancakes out of wine.

An Iphone 8 isn't worse than an Iphone 3, it's just that people are seeing them for the overpriced crap they are. Replacing the CEO wont do anything to change that because the previous CEO got rid of anyone who would challenge him, that means he got rid of anyone remotely capable of maintaining a cult of personality like he did.

Re:Replace CEO

I'm just going to leave this right here:

https://www.reddit.com/r/funny/comments/7ph2mx/the_way_things_are_going/

Move along nothing to see here

"Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere."

Oh wait. This is /. Walled garden, Android is better, etc etc.

Re:Move along nothing to see here

Enjoy

https://web.archive.org/web/20180117063656/iabem97.github.io/chaiOS

Re:Move along nothing to see here

[Baton+Rogue]

"Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere."

It's called Forking, and probably was done by many people before he removed the code. This is rather reckless on his part to make the exploit available before Apple has a chance to patch it.

Text?

Link?

Is it really a bug though??

I don't know about all of you, but I'm getting really excited just waiting to see how SuperKendall will enlighten us all as to how this is a feature that benefits each and every disciple of the Apple world. This is gonna be good.

+1 troll

Slowdowns?

[AHuxley]

As part of that crash and other slowdowns result is the user's password getting revealed in plain text again?

Re:Slowdowns?

No, but it’s revealed that you’re a flaming cock smoker.

Re:Disabled how?

[Anubis+IV]

The Messages app's default behavior has it load a preview of the linked-to content, hence why the linked-to content can—and in this case did—cause problems.

Anyway, previews can be toggled on or off in settings, it's possible to delete the offending messages via settings if Messages becomes inaccessible, and messages from unknown senders are by default shunted into a separate section in Messages from those sent by contacts, so the issue was always going to be minimal in scope and impact. Even so, it's nice to see that they were able to accomplish some initial mitigation prior to the full fix coming next week.

Ban unicode

[RightwingNutjob]

If it can't be expressed in ASCII, it's not worth writing.

Re:Ban unicode

[Bing+Tsher+E]

Is all of ASCII really needed? My ASR-33 teletype does a fine job with just the seven bit character set. It doesn't even have lower case.

Re:Ban unicode

You and every slashdot editor dream the same thing

Re:Ban unicode

Ascii is 7 bits. 128-255 is EXtENdED asciI.

PuRplE.

Re:Ban unicode

[jareth-0205]

If it can't be expressed in ASCII, it's not worth writing.

No other languages exist in the world.

Re:Ban unicode

They can all be reproduced by placing multiple periods in different locations, thus all you need is ASCII and a xml file specifying where to place each character. So again, everything outside ASCII isn't worth transmitting.

Re:Ban unicode

[RightwingNutjob]

They do, but that's irrelevant; the barbarians can learn to use Latin script like civilized people.

Re:Ban unicode

[AmiMoJo]

Other languages exist, but Unicode sucks for encoding them. Most Japanese, Chinese and Korean software doesn't use Unicode, for example. And most software that claims to support Unicode is broken.

We need to replace Unicode with something better. My suggestion would be:

- 32 bit unsigned is the primary character encoding, with an 8 bit format for legacy systems like email. Compatibility modules for loading UTF8 and UTF16 will be provided. Most text is compressed when transmitted anyway (e.g. HTTP) so 32 bit characters won't have much effort on real load times.

- No combination/composite characters. Unicode is a horrible mix of composite and non-composite, and it makes simple operations like determining the number of characters in a string horrendously complex. With a 32 bit character space there is no need.

- Split out CJK languages. Dedicate entire pages to each, making language detection and font selection trivial.

Re:Ban unicode

Latin scripts do not fit inside ASCII

Re: Ban unicode

Do you know how bad huffman coding of a 32-bit symbol space would be? It would be really fucking slow.
There is a reason it's done byte by byte, you only have 256 iterations per charcter.
With a 32 bit symbol space you have 4,294,967,296 possible charcters, which is 1,073,741,824 per byte...
But wait, you could use a sliding window! Of course, and you have to make the encoding sparse and the window wider to be useful. So maybe it could work, but it'd be a pain in the ass, larger window means larger space. With 256 charcters, even if your window is 4,096 symbols wide, you do a max of 256 heap operations + 2 adjustments of the window tree each iteration. If your symbol space is 32 bits, you would have 4,096 heap operations at max, since they could all be different in the worst case. That's 16 times more operations which ends up making it roughly 64 times slower (because it behaves roughly in N log N).

So 32 bit must use a smaller window, which could be good or bad, but definitely not straightforward!

Archive.org is your friend

Fuck with those apple sheeples

https://web.archive.org/web/20180117063656/iabem97.github.io/chaiOS

Re:Archive.org is your friend

No thanks. I’d rather just give Android users malware.

https://arstechnica.com/search...

It’s much more fun.

Re:Archive.org is your friend

Rather than pull up the search results for ios ("oh but you have to deliberately install and run stuff") I'll laugh about your automated code execution while you wait for someone to click on your "fun"

Re:Archive.org is your friend

[Lunix+Nutcase]

Oh so you mean like the stagefright bug for android?

Re:Archive.org is your friend

Here is another

https://bogdanz.me/work/diddu.html

Re: OK, thanks

You are so new here it hurts.
Go back to whatever shitsite you came from...probably 4chan.

Re:Disabled how?

[AHuxley]

Re "the content of the link itself, not the linked-to content."
Its all part of building on search features https://www.wired.com/2014/10/... (10.20.14) .

Had this on an old Nokia phone

[whoever57]

Some text messages would reliably cause the phone to reboot on delivery of the message.

This would cause an almost endless reboot cycle, until the server gave up attempting to deliver the text message (around 10-20 reboots).

Re:creimer is fat and a gay!!

[sexconker]

Bump it up to coffee stirrer the next time your post this.

Unicode!

[nmb3000]

This is exactly why Unicode support is unsafe and dangerous! Thankfully Slashdot will always be a safe haven from such shenanigans.

HAIL ZALGO

HAIL ZALGO

Re:Disabled how?

[lucm]

Even so, it's nice to see that they were able to accomplish some initial mitigation prior to the full fix coming next week.

It's not "nice", it's a bare minimum.

Re: OK, thanks

[lucm]

There's nothing wrong with being new and nothing wrong with bitching about old news. There is however something wrong with telling people to go away.

Also 4chan is not a "shitsite". The internet is a beautiful mosaic and 4chan is a colorful part of it.

Another day

another apple bug, what a cesspool of code ios must be.

It's still easy to find...

[brendan.robert]

Try the Wayback machine. I found it pretty easily. Really interesting trick. He made a simple HTML file with a link in it, and the HREF of that link has all kinds of crazy garbage in it (unicode characters) which cause the webkit engine to spaz out. Even copying the source out of chrome and pasting into Notepad++ made the text editor freak out a little bit.

Re:It's still easy to find...

And the file is only close to 12 MB with most of the content inside the link.

I wonder if it's just the unicode and size that causes the crash or if there is a special sequence hidden in that junk.

Re:Disabled how?

[Jeremi]

The bug itself is understandable -- the space of all possible Unicode text strings is infinite, and the behavior of a universal text renderer is more subtle than most programmers would imagine. I think most programmers would be susceptible to not handling every use case in every language correctly.

What's disconcerting is that the fault appears to crash the entire OS, not just the one buggy application. Shouldn't memory protection and process segmentation prevent that?

Re:Disabled how?

No, the Apple's software will access the link anyway. Perhaps the bug is even in the Apple's spyware, which harvests data from their product's phones.

Re: OK, thanks

4chan is the information superhighway equivalent of a lumpy biohazard bag lying next to an off-ramp in Detroit.

Re: Disabled how?

It's probably baked into something like the iPhone X Server equivalent, causing the system-wide crash we see here.

Tim's been licking as many arses as he can

It's still not helping much.

Oh you said kick...