In iMessage has been found a vulnerability that disables iPhone. To restore its work, user may have to sacrifice all the data on the device. The cause of the failure is incorrectly generated message with a certain text key.Natalie Silvanovich of Google Project Zero discovered the bug. You can restore the device, but all data will be lost.
The vulnerability was discovered in April and fixed in May with iOS 12.3.
The cause of the failure is an incorrectly formed message, where a text key is present, which will be mistaken for a string. This leads to the launch of certain exceptions, which disables the device.
Silvanovich explains in a blog post that “the – [IMBalloonPluginDataSource individualPreviewSummary] method in IMCore can trigger an NSException due to a malformed message containing an attribute with the IMExtensionPayloadLocalizedDescriptionTextKey key, the value of which is not NSString”.
On Mac computers, this process crashes and starts up again. However, on iPhone, this code is part of Springboard, the application responsible for the iOS main screen.
«This method calls [IMBalloonPluginDataSource _summaryText], which returns an attribute, taking it as a string, but not checking it. The method then calls – [IMBalloonPluginDataSource _replaceHandleWithContactNameInString:], and it in turn calls im_handleIdentifiers in “NSString”, which is in fact NSNumber, which causes an exception, since there is no selector for this class”, – summarizes researcher.
As a result, the receipt of this message causes Springboard to complete and resume work time after time. Because of this is no longer displayed user’s interface and device can no longer respond to user’s commands.
Forced reset in this situation does not help – the phone remains inoperable after unlocking. The only way to recover iPhone is to reboot into recovery mode and start recovery. However, in this case data on the device will be lost.
This is not the first time that the iPhone can be disabled by sending a single message.
In February 2018, it turned out that in attempt to cause malfunction of Apple devices, it is enough to send a single word to the device – జ్ఞా. If macOS, iOS, or watchOS received the message in which it is contained, the system was frozen up because Apple’s text engine had problems processing the word.
జ్ఞా is the Indian word for Telugu, which requires several characters to be written. The literal translation of a word without context is “sign”.
If a message with a dangerous word was displayed as a notification on the lock screen of the iPhone or iPad, and then the user tried to open it, this caused the Springboard to stop working. As a result, iOS itself was frozen. The reboot did not help, because the system again tried to display the symbol, which again led to frozening. The only way out was to log into the affected application from another device and delete the message.
User Review( votes)