  1. #1
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    97,736

    Do not use this trick to crash your friends' iPhones.

    Just do not.

    Update – 6:45pm – The problem very much still exists. Use the code below for educational purposes, with the recipient's consent please.

    Last night MacRumors.com reported that a new bug has been discovered that affects all users of the popular iPhone.

    The bug affects the iMessage and SMS app on the iPhone, and when a user sends a specific string of characters to an iPhone it can cause an immediate reboot of the iPhone. The bug was first reported in a Reddit.com thread and has quickly spread around the globe in hopes that there is a solution to the problem.

    The specific message contains specific Arabic characters and symbols:

    Power
    لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ


    and if sent to users of iPhones, it can cause the message app to crash and reboot the phone. Once you reboot the phone and attempt to open the message app in list view, the app will crash again.

  2. #2
    . Neverna's Avatar
    Join Date
    Mar 2012
    Last Online
    @
    Posts
    21,370
    One has to wonder how someone somehow stumbles across how a random set of Arabic letters followed by a few weird symbols and a single Chinese character will crash a phone app.

    Amazing.

  3. #3
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 02:48 AM
    Posts
    24,864
    turn off banner display of text message contents

  4. #4
    Lord of Swine
    Necron99's Avatar
    Join Date
    Feb 2012
    Last Online
    @
    Location
    Nahkon Sawon
    Posts
    13,021
    Quote Originally Posted by Neverna View Post
    One has to wonder how someone somehow stumbles across how a random set of Arabic letters followed by a few weird symbols and a single Chinese character will crash a phone app.

    Amazing.


    They don't, they look at the code of the app and see if the coders have made an error by not allowing for a valid condition to exist.

  5. #5
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 02:48 AM
    Posts
    24,864
    for the ipeople

    If some git has sent you the message already you can fix the issue by getting a friend to send you a normal text message to flush it out of the way, although if you reopen the killer message, you're back to square one.

  6. #6
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    97,736
    Quote Originally Posted by baldrick View Post
    for the ipeople

    If some git has sent you the message already you can fix the issue by getting a friend to send you a normal text message to flush it out of the way, although if you reopen the killer message, you're back to square one.
    You can ask Siri to send you a message.

    Just say "Siri, I am a gay twat so please send me a message telling me what a gay twat I am".

  7. #7
    Thailand Expat
    Join Date
    Jun 2014
    Last Online
    @
    Posts
    18,022
    Just another great and positive advancement in the world of electronic gadgetry.

    Aren't we blessed?


    .....and become rightly sucked into it.
    Catatonic.

  8. #8
    I Amn't In Jail PlanK's Avatar
    Join Date
    Jul 2006
    Last Online
    Yesterday @ 09:29 PM
    Location
    Tezza's Balcony
    Posts
    7,068
    How do I C&P this into a phone?

  9. #9
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 02:48 AM
    Posts
    24,864
    Quote Originally Posted by thaimeme
    Aren't we blessed?
    with lack of irony ?

  10. #10
    R.I.P.
    DrB0b's Avatar
    Join Date
    Dec 2006
    Last Online
    @
    Location
    ALL GLORY TO THE HYPNOTOAD
    Posts
    17,118
    Quote Originally Posted by Necron99 View Post
    Quote Originally Posted by Neverna View Post
    One has to wonder how someone somehow stumbles across how a random set of Arabic letters followed by a few weird symbols and a single Chinese character will crash a phone app.

    Amazing.


    They don't, they look at the code of the app and see if the coders have made an error by not allowing for a valid condition to exist.
    We pop the hood

    75-byte character assassination - Apple was so close yet so far


    27 May 2015 at 19:07, Iain Thomson
    Analysis Cads and/or bounders can crash and reboot iPhones from afar by sending them specially crafted texts, thanks to a new vulnerability in iOS.

    A 75-byte sequence of unicode characters triggers the glitch, and can be smuggled into text messages, causing iThings to crash if they appear in the victim's notification screen. Texting the data to your pals will force their devices to reboot if they try to open it from the notification panel.

    The string-of-death crashes applications that use Apple's CoreText library. OS X is vulnerable, too, so sticking the killer sequence in your server's /etc/motd file will crash Terminal when a Mac user logs in, for example.

    The flaw was spotted on Tuesday by a Redditor who received the message shown on the right, which caused their smartphone to crash and reboot to recover. The attack has been replicated on other iOS devices such as Apple's smartwatch.



    The problem isn’t with the Arabic characters themselves, but in how the unicode representing them is processed by CoreText, which is a library of software routines to help apps display text on screens.

    The bug causes CoreText to access memory that is invalid, which forces the operating system to kill off the currently running program: which could be your text message app, your terminal, or in the case of the notification screen, a core part of the OS.

    The crash happens at the instruction at 0x0af42d in CoreText, which is 229 bytes into the TOpenTypeMorph::ApplyGlyphFeatureTags procedure: glyph feature tags describe how symbols should be displayed. The code, on a 64-bit Intel Mac, looks like this

    0x0af423 mov rax, qword [ds:rsi+rax+0x8]
    0x0af428 test rax, rax
    0x0af42b je 0xaf449
    0x0af42d mov r12d, dword [ds:rax]

    At 0x0af428, CoreText checks whether or not the value in the CPU register rax is zero: if it is, it skips the next part. If not, at 0x0af42d it tries to read a 32-bit value from memory using rax as the memory address.

    In other words, it tries using rax as a pointer after checking it is not NULL – this is all well and good, and supposed to trap this sort of crash, except rax ends up with the value 0x04 so the NULL check is useless in this case.

    Apple's engineers tried to avoid this sort of meltdown, but the checks were not enough. Typically, nothing is mapped in at that low address; the read triggers a page fault, and the program is blown away by the kernel:

    Exception Type: EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004

    There is something about the text sequence that causes rax to end up with a wild low value; it should be rather higher and point into a valid area of data in memory – pop your answers on a postcard to the address below if you find out why before we do.

    CoreText is common to iOS and OS X. Previous bugs in its unicode handling have appeared in both operating systems. It appears iOS 8 is affected by this latest flaw, and OS X 10.10; earlier builds may also be vulnerable.

    One way around the issue is to turn off lock screen notifications, which if you haven't received the problematic text message should keep you safe, although it is inconvenient.

    If some git has sent you the message already you can fix the issue by getting a friend to send you a normal text message to flush it out of the way, although if you reopen the killer message, you're back to square one.

    "We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update," an Apple spokesperson told us via email. ®

    CoreText reverse-engineered by Chris Williams.

    That EVIL TEXT that will CRASH your iPhone: We pop the hood • The Register
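
Added example, not part of the original thread or the Register article: a C sketch of why the `test rax, rax` / `je` guard quoted above does not stop a read from address 0x4, next to a range check that does. The table layout, record values and all function names are constructed for illustration and do not reflect CoreText's actual data structures.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in data: an array of 32-bit records and a table of
   pointers into it. None of these names come from CoreText. */
static const uint32_t records[4] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };
typedef struct { const uint32_t *slot[4]; } tag_table;

/* The guard the disassembly shows (test rax, rax / je): only zero is rejected. */
int null_check_admits(const uint32_t *p) {
    return p != NULL;
}

/* Hardened guard: the pointer must fall inside the record array, on an
   element boundary, before it may be dereferenced. */
int range_check_admits(const uint32_t *p, const uint32_t *base, size_t count) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)base;
    uintptr_t hi = lo + count * sizeof *base;
    return a >= lo && a < hi && (a - lo) % sizeof *base == 0;
}

/* Reads slot i only when the hardened guard passes. Returns 0 on success, -1 if rejected. */
int read_record(const tag_table *t, size_t i, uint32_t *out) {
    if (i >= 4) return -1;
    const uint32_t *p = t->slot[i];
    if (!range_check_admits(p, records, 4)) return -1;
    *out = *p;   /* the equivalent of: mov r12d, dword [rax] */
    return 0;
}

/* Constructed sample: slot 1 is NULL, slot 2 holds the wild value 0x4 from the crash log. */
tag_table make_sample(void) {
    tag_table t = { { &records[0], NULL, (const uint32_t *)(uintptr_t)0x4, &records[3] } };
    return t;
}

int main(void) {
    tag_table t = make_sample();
    for (size_t i = 0; i < 4; i++)
        printf("slot %zu: null-check admits=%d, range-check admits=%d\n", i,
               null_check_admits(t.slot[i]), range_check_admits(t.slot[i], records, 4));
    return 0;
}
```

Slot 2 passes the NULL-only guard but is rejected by the range check, so `read_record` returns an error instead of faulting at `KERN_INVALID_ADDRESS`.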

  11. #11
    Pronce. PH said so AGAIN!
    slackula's Avatar
    Join Date
    Jul 2009
    Last Online
    @
    Location
    Behind a slipping mask of sanity in Phuket.
    Posts
    9,088
    Quote Originally Posted by harrybarracuda
    Do not use this trick to crash your friends' iPhones.
    Notice how Harry the Android user is all smug about this?

    It's because he doesn't have any friends and so is unaffected by the bug.

  12. #12
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    97,736
    Quote Originally Posted by quimbian corholla View Post
    Quote Originally Posted by harrybarracuda
    Do not use this trick to crash your friends' iPhones.
    Notice how Harry the Android user is all smug about this?

    It's because he doesn't have any friends and so is unaffected by the bug.
    You've got an iphone haven't you?


  13. #13
    Pronce. PH said so AGAIN!
    slackula's Avatar
    Join Date
    Jul 2009
    Last Online
    @
    Location
    Behind a slipping mask of sanity in Phuket.
    Posts
    9,088
    Quote Originally Posted by harrybarracuda
    You've got an iphone haven't you?
    Actually not - I use a Nokia X
