Text bomb, text bomb, you're my text bomb! Naughty HTML freezes Messages, Safari, etc

Apple font code on iOS, macOS knackered by texted link

By John Leyden

Posted in Personal Tech, 19th January 2018 06:19 GMT

A specially crafted webpage will knacker Apple's Messages and Safari software on iOS and macOS, allowing miscreants to spread merry mischief by texting fans a link to the dastardly HTML.

The page also causes other programs, such as TextEdit on Macs, to hang when opened. From what we can tell, this is because the page is stuffed with characters that confuse the operating system's font-rendering code, resulting in applications hanging forever or being automatically killed.

The programming blunder in the iGiant's display code is triggered by, according to a note in the aforementioned webpage, overloading "the title property with massive characters containing heavy ligature." This, it seems, causes the rendering routines, or components related to them, to enter an infinite loop and thus become unresponsive. This leaves folks with non-working software.

Several copies and mirrors of the crafty HTML have been taken down from the web but at time of writing you can find a copy at hxxxp://cydia.furcode.co/chaiOS2. Open entirely at your own risk.

Crucially, a victim may not have to explicitly click or tap on the link to activate the attack. For example, if you text the URL to a pal and their Messages app fetches it automatically to display a preview, then it's game over. The HTML is rendered and the code is hijacked.
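An added example, not from the article or from Apple: a guard that a link-preview fetcher could run on a page's title before handing it to text-rendering code, given the note that the page overloads the title with massive, ligature-heavy text. The limits, the `preview_title` name and the use of Unicode mark and format categories as a stand-in for "heavy ligature" are assumptions of this sketch.

```python
import unicodedata
from html.parser import HTMLParser

# Assumed limits for this example; tune them for your own preview UI.
MAX_TITLE_CHARS = 200
MAX_MARK_RATIO = 0.3  # allowed share of combining/format characters
MARK_CATEGORIES = {"Mn", "Mc", "Me", "Cf"}


class TitleGrabber(HTMLParser):
    """Collects the text of the first <title>, up to a hard character limit."""

    def __init__(self, hard_limit):
        super().__init__(convert_charrefs=True)
        self.hard_limit, self.size = hard_limit, 0
        self.in_title = self.done = False
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "title" and not self.done:
            self.in_title = True

    def handle_endtag(self, tag):
        if tag == "title" and self.in_title:
            self.in_title, self.done = False, True

    def handle_data(self, data):
        if self.in_title and self.size < self.hard_limit:
            piece = data[: self.hard_limit - self.size]
            self.chunks.append(piece)
            self.size += len(piece)


def preview_title(html):
    """Return a title safe to show in a preview, or None to show the bare URL."""
    grabber = TitleGrabber(hard_limit=MAX_TITLE_CHARS * 4)
    grabber.feed(html)
    grabber.close()
    title = " ".join("".join(grabber.chunks).split())
    if not title or len(title) > MAX_TITLE_CHARS:
        return None
    marks = sum(unicodedata.category(c) in MARK_CATEGORIES for c in title)
    return None if marks / len(title) > MAX_MARK_RATIO else title


if __name__ == "__main__":
    # Constructed sample pages, not taken from the page discussed in the article.
    print(preview_title("<title>Example  Domain</title>"))        # ordinary title
    print(preview_title("<title>" + "A" * 5000 + "</title>"))     # oversized title
    print(preview_title("<title>a" + "\u0301" * 50 + "</title>"))  # mark-heavy title
```

A real fetcher would also cap the number of bytes it downloads before parsing, so an oversized page never reaches the parser in full.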

The naughty script was apparently the work of Abraham Masri, aka CheeseCakeUFO on Twitter, who shared it online as a proof-of-concept demo of the bug:

Bang ... Clicking on that link in Messages, Safari or similar will knacker the device

It's not thought the script is capable of performing more than a denial of service; it doesn't trigger the execution of arbitrary code, for example.

“[This is] more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files,” said infosec pundit and Mac fan Graham Cluley in a blog post this week.

Text bomb vulnerabilities that affect Apple's software are rare but far from unprecedented. For example, in 2015, it emerged a sequence of characters referred to as Effective Power would reboot iPhones. Similar stuff was seen in 2013.

We're told Apple is working on a patch to close down the prankster-friendly hole, and this is expected to be released next week. ®
