iPhone Arabic Text Bug Can Flatline Apple Macs Too

This article is more than 8 years old.

The world lost its proverbial marbles over a bug in iPhones today, which meant a single line of Arabic text in iMessage could force the Apple devices to turn off. What many haven’t realised is that the same problem exists in Apple Macs too, a researcher explained to FORBES.

The issue lies in how Apple devices render characters in Unicode, a widely deployed standard that uses binary code to represent text or script characters, known as “glyphs”. Unicode makes it easier for the likes of Apple, Microsoft and other major operating system manufacturers to display and process the thousands of different glyphs from across the world.

In the case of the Apple bug, a specific sequence of Unicode glyphs isn’t understood by either iOS or Mac OS X. When the phone or computer can’t decide what to do next, it caves and turns off.

This might seem trivial, but denial of service attacks like this can prove useful for hackers who want to either extort or disrupt targets. Any businesses relying heavily on Apple could now be targeted and knocked offline if a user can be tricked into opening the string, which consists of specific Arabic characters detailed in a separate FORBES story earlier today.

“An attacker can leverage this issue to cause immediate denial of service issues on affected platforms and applications, however further impact is not yet known and will require further research,” Mathew Hickey, principal security consultant at MDSec, told FORBES over email.

“A common attack vector is to send the glyphs as SMS or instant messages which when rendered on an iOS device can cause the device to reboot due to core iOS frameworks crashing.

“As the issue also affects OS X applications, a malicious party could set the triggering text as a server message of the day or welcome message, causing a user’s terminal to crash when authenticating to network services. An attacker could also prevent an OS X user from accessing the console until a fix is available by placing the triggering text in key system file locations.”

Hickey isn't sure how many applications could be used to exploit the denial of service bug, adding that any application that handles Unicode could be affected. "That may include email applications or other instant messaging platforms, however at present only a small number of applications are known to be affected including iOS SMS and OS X Terminal. The issue requires a software patch for the affected framework to prevent exploitation."

There was no word from Apple on when a patch might be ready. "We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update," a spokesperson said.