Apple Provides Workaround for Unicode iMessage Bug

Apple has provided users a workaround for a bug in iMessage that allows someone to crash devices by sending a specially crafted text message.

Apple has quickly given iPhone users a workaround for a pesky iMessage bug that’s been making the rounds this week.

The bug, which some users have dubbed a “text message attack,” has been frustrating many iPhone users since surfacing on Wednesday. It occurs when a user receives a text message that consists of a specific combination of English and Arabic characters.

The attack, which first came to light on Reddit, doesn’t do any damage to data on phones, but it has proved quite meddlesome. Akin to a denial of service attack, the hack forces victims to restart their phones, something that’s wound up annoying scores of iPhone users since the attack first surfaced two days ago.

The attack became so widespread that Apple was required to issue a workaround on Thursday.

According to instructions published on Apple’s Support site users are encouraged to do one of three things if their phone is hit with the “malicious message”:

  • Ask Siri to “read unread messages.”
  • Use Siri to reply to the message – then open Messages.
  • In messages, swipe left to delete the thread, or tap and hold the message, tap more, and delete the message from the thread.

It’s unclear how the string of characters is technically affecting iOS but the bug appears to be an issue with the phone’s notification system. Some iPhone users have claimed on Twitter and Reddit that the hack is only forcing their devices to reset when the Unicode message is received as a drop down notification, or when the phone is locked.

A report from The Guardian is claiming the bug also affects Apple Macs, iPads, and the company’s latest ballyhooed device, the iWatch.

While the attack began making the rounds on Wednesday, certain elements of the bug may actually date back to 2013. A similar issue found that summer, affected Apple’s font rendering framework, the CoreText API, on both OS X 10.8.4 and iOS 6.1.3 and also caused users’ iPhones to crash when sent a message containing a certain string of Arabic characters.

Apple claims it will make a fix for the “malicious message” bug available in a future software update.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.