UPDATED 14:20 EST / APRIL 24 2020

iphone APPS

‘Text bomb’ bug in iOS crashes Apple devices via app notifications

Apple Inc. users are being advised to disable notifications on their iPhones and iPads to block a newly discovered bug that can be abused to remotely crash iOS devices.

The so-called “text bomb” flaw, detailed today by CNET, causes iOS devices to freeze up if they receive an app notification with a particular combination of characters. The string includes characters from the Sindhi language and the emoji icon for the Italian flag.

It’s also possible to receive a crash-inducing message via social networks such as Twitter, as well as other services that allow users to share text with one another and use native iOS alerts.

That the bug requires minimal technical know-how to exploit means there could be a wave of malicious messages targeting Apple devices in the coming days. Fortunately, mitigating the issue is simple as well: Users merely need to disable notifications on their devices until a patch is available. Moreover, even if an iPhone or iPad does receive the string, iOS has a mechanism that automatically restarts a crashed device and users can also perform the process manually.

Apple has reportedly already fixed the bug in the next version of iOS, 13.4.5, which is currently in beta. That’s the same release with which the iPhone maker will roll out a patch for the zero-day vulnerability detailed earlier this week by cybersecurity startup ZecOps Inc. The vulnerability allows hackers to gain access to Apple Mail by sending the intended victim a malware-laden email that triggers its payload even if the user doesn’t open it.  

Apple said in a statement today that it found no evidence of hackers actively exploiting the flaw. Previously, however, ZecOps reported that it had seen the vulnerability used in cyberattacks targeting Fortune 2000 companies, cybersecurity service providers and other organizations. The startup recommended that users switch from Apple Mail to other email clients such as Outlook and Gmail, which are apparently not vulnerable, until the patch rolls out.

Zero-day exploits and text bomb bugs are periodically discovered in iOS. The previous, since-fixed text bomb was more severe, having allowed malicious senders not only to crash a victim’s iPhone but also to disable access to popular apps.

Photo: Unsplash

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.