Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Text Bomb' Is Latest Apple Bug (bbc.com)

Posted by BeauHD on from the headache-inducing dept.

An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.

27 of 60 comments (clear)

  1. Where's the video? by bogaboga · · Score: 1

    causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them.

    I usually love seeing such bugs in action. Anyone can point us to the video?

    1. Re:Where's the video? by FFOMelchior · · Score: 1

      Hopefully Computerphile does a vid on it. They did a great one on Effective Power: https://www.youtube.com/watch?...

  2. Replace CEO by Anonymous Coward · · Score: 3, Insightful

    Apple's got a real general malaise problem, lately. The fix is likely to replace the CEO and possibly other high-up executives because they've focused too much on other crap, and not on the core-business. If Tim Cook, (for example,) wants to be the CEO of a watch company, or a headphone company, let him go do that.

    Apple is a computer company, even if they removed the word "computer" from their name. Of course this is merely my opinion, but I'll tell you this for sure: unless and until Apple shapes up its act, I am not buying any more Apple products, or products that only work with Apple products. If it comes to pass that I need a new computer and/or cellphone before Apple pulls its corporate head out of its corporate ass, I will switch to something else. (Case in point, I recently obtained an old MacBook that Apple has decided is obsolete, and put GNU/Linux on it, in preparation for doing the same with my iMac, which once I don't need it for my iPhone anymore, that will be it, and I will unApplify my life. I'll probably get a dumb-phone, and go back to the days when I navigated for myself, etc., and not rely on the increasingly unreliable kludgey crap coming from Apple nowadays.

    1. Re:Replace CEO by Narcocide · · Score: 3, Informative

      This seems underrated to me. Maybe ditching the CEO is going a bit too far, but they definitely need to get serious about software QA.

    2. Re:Replace CEO by Hal_Porter · · Score: 1

      The free market demands a blood sacrifice in order for Apple to have expiation

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    3. Re: Replace CEO by tsa · · Score: 1

      Not only software. Appleâ(TM)s hardware use to be worth the money but now itâ(TM)s overpriced and not as ergonomic and useful as it used to be. Thanks to it not being upgradable its cost per year and its impact on the environment has exploded too.

      --

      -- Cheers!

    4. Re: Replace CEO by Godwin+O'Hitler · · Score: 1

      Their apostrophes were better in the olden days too.

      --
      No, your children are not the special ones. Nor are your pets.
    5. Re: Replace CEO by tsa · · Score: 1

      See? Everything was better back then. :P

      --

      -- Cheers!

    6. Re:Replace CEO by mjwx · · Score: 1

      Apple's got a real general malaise problem, lately. The fix is likely to replace the CEO and possibly other high-up executives because they've focused too much on other crap, and not on the core-business. If Tim Cook, (for example,) wants to be the CEO of a watch company, or a headphone company, let him go do that.

      Apple is a computer company, even if they removed the word "computer" from their name. Of course this is merely my opinion, but I'll tell you this for sure: unless and until Apple shapes up its act, I am not buying any more Apple products, or products that only work with Apple products. If it comes to pass that I need a new computer and/or cellphone before Apple pulls its corporate head out of its corporate ass, I will switch to something else. (Case in point, I recently obtained an old MacBook that Apple has decided is obsolete, and put GNU/Linux on it, in preparation for doing the same with my iMac, which once I don't need it for my iPhone anymore, that will be it, and I will unApplify my life. I'll probably get a dumb-phone, and go back to the days when I navigated for myself, etc., and not rely on the increasingly unreliable kludgey crap coming from Apple nowadays.

      I hate to be the one to break it to you, but Apple has been like that since the 2000's. They've just lost their cult of personality.

      They've always produced unreliable, klugey crap but previously had good marketing and a legion of rabid fanboys to attack anyone suggesting it wasn't the best thing since Jesus made pancakes out of wine.

      An Iphone 8 isn't worse than an Iphone 3, it's just that people are seeing them for the overpriced crap they are. Replacing the CEO wont do anything to change that because the previous CEO got rid of anyone who would challenge him, that means he got rid of anyone remotely capable of maintaining a cult of personality like he did.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  3. Text? by Anonymous Coward · · Score: 1

    Link?

  4. Is it really a bug though?? by Anonymous Coward · · Score: 1

    I don't know about all of you, but I'm getting really excited just waiting to see how SuperKendall will enlighten us all as to how this is a feature that benefits each and every disciple of the Apple world. This is gonna be good.

    +1 troll

  5. Slowdowns? by AHuxley · · Score: 1

    As part of that crash and other slowdowns result is the user's password getting revealed in plain text again?

    --
    Domestic spying is now "Benign Information Gathering"
  6. Re:Disabled how? by Anubis+IV · · Score: 1

    The Messages app's default behavior has it load a preview of the linked-to content, hence why the linked-to content can—and in this case did—cause problems.

    Anyway, previews can be toggled on or off in settings, it's possible to delete the offending messages via settings if Messages becomes inaccessible, and messages from unknown senders are by default shunted into a separate section in Messages from those sent by contacts, so the issue was always going to be minimal in scope and impact. Even so, it's nice to see that they were able to accomplish some initial mitigation prior to the full fix coming next week.

  7. Re:Ban unicode by Bing+Tsher+E · · Score: 1

    Is all of ASCII really needed? My ASR-33 teletype does a fine job with just the seven bit character set. It doesn't even have lower case.

  8. Re:Disabled how? by AHuxley · · Score: 1

    Re "the content of the link itself, not the linked-to content."
    Its all part of building on search features https://www.wired.com/2014/10/... (10.20.14) .

    --
    Domestic spying is now "Benign Information Gathering"
  9. Had this on an old Nokia phone by whoever57 · · Score: 4, Interesting

    Some text messages would reliably cause the phone to reboot on delivery of the message.

    This would cause an almost endless reboot cycle, until the server gave up attempting to deliver the text message (around 10-20 reboots).

    --
    The real "Libtards" are the Libertarians!
  10. Re:creimer is fat and a gay!! by sexconker · · Score: 2

    Bump it up to coffee stirrer the next time your post this.

  11. Re:Archive.org is your friend by Lunix+Nutcase · · Score: 1

    Oh so you mean like the stagefright bug for android?

  12. Re:Ban unicode by jareth-0205 · · Score: 4, Insightful

    If it can't be expressed in ASCII, it's not worth writing.

    No other languages exist in the world.

  13. Unicode! by nmb3000 · · Score: 2

    This is exactly why Unicode support is unsafe and dangerous! Thankfully Slashdot will always be a safe haven from such shenanigans.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  14. Re:Ban unicode by RightwingNutjob · · Score: 1

    They do, but that's irrelevant; the barbarians can learn to use Latin script like civilized people.

  15. Re:Disabled how? by lucm · · Score: 1

    Even so, it's nice to see that they were able to accomplish some initial mitigation prior to the full fix coming next week.

    It's not "nice", it's a bare minimum.

    --
    lucm, indeed.
  16. Re: OK, thanks by lucm · · Score: 1

    There's nothing wrong with being new and nothing wrong with bitching about old news. There is however something wrong with telling people to go away.

    Also 4chan is not a "shitsite". The internet is a beautiful mosaic and 4chan is a colorful part of it.

    --
    lucm, indeed.
  17. It's still easy to find... by brendan.robert · · Score: 1

    Try the Wayback machine. I found it pretty easily. Really interesting trick. He made a simple HTML file with a link in it, and the HREF of that link has all kinds of crazy garbage in it (unicode characters) which cause the webkit engine to spaz out. Even copying the source out of chrome and pasting into Notepad++ made the text editor freak out a little bit.

  18. Re:Disabled how? by Jeremi · · Score: 1

    The bug itself is understandable -- the space of all possible Unicode text strings is infinite, and the behavior of a universal text renderer is more subtle than most programmers would imagine. I think most programmers would be susceptible to not handling every use case in every language correctly.

    What's disconcerting is that the fault appears to crash the entire OS, not just the one buggy application. Shouldn't memory protection and process segmentation prevent that?

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  19. Re:Ban unicode by AmiMoJo · · Score: 1

    Other languages exist, but Unicode sucks for encoding them. Most Japanese, Chinese and Korean software doesn't use Unicode, for example. And most software that claims to support Unicode is broken.

    We need to replace Unicode with something better. My suggestion would be:

    - 32 bit unsigned is the primary character encoding, with an 8 bit format for legacy systems like email. Compatibility modules for loading UTF8 and UTF16 will be provided. Most text is compressed when transmitted anyway (e.g. HTTP) so 32 bit characters won't have much effort on real load times.

    - No combination/composite characters. Unicode is a horrible mix of composite and non-composite, and it makes simple operations like determining the number of characters in a string horrendously complex. With a 32 bit character space there is no need.

    - Split out CJK languages. Dedicate entire pages to each, making language detection and font selection trivial.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  20. Re:Move along nothing to see here by Baton+Rogue · · Score: 1

    "Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere."

    It's called Forking, and probably was done by many people before he removed the code. This is rather reckless on his part to make the exploit available before Apple has a chance to patch it.