UPDATED 14:20 EST / APRIL 24 2020

APPS

‘Text bomb’ bug in iOS crashes Apple devices via app notifications

Apple Inc. users are being advised to disable notifications on their iPhones and iPads to block a newly discovered bug that can be abused to remotely crash iOS devices.

The so-called “text bomb” flaw, detailed today by CNET, causes iOS devices to freeze up if they receive an app notification with a particular combination of characters. The string includes characters from the Sindhi language and the emoji icon for the Italian flag.

It’s also possible to receive a crash-inducing message via social networks such as Twitter, as well as other services that allow users to share text with one another and use native iOS alerts.

That the bug requires minimal technical know-how to exploit means there could be a wave of malicious messages targeting Apple devices in the coming days. Fortunately, mitigating the issue is simple as well: Users merely need to disable notifications on their devices until a patch is available. Moreover, even if an iPhone or iPad does receive the string, iOS has a mechanism that automatically restarts a crashed device and users can also perform the process manually.

Apple has reportedly already fixed the bug in the next version of iOS, 13.4.5, which is currently in beta. That’s the same release with which the iPhone maker will roll out a patch for the zero-day vulnerability detailed earlier this week by cybersecurity startup ZecOps Inc. The vulnerability allows hackers to gain access to Apple Mail by sending the intended victim a malware-laden email that triggers its payload even if the user doesn’t open it.  

Apple said in a statement today that it found no evidence of hackers actively exploiting the flaw. Previously, however, ZecOps reported that it had seen the vulnerability used in cyberattacks targeting Fortune 2000 companies, cybersecurity service providers and other organizations. The startup recommended that users switch from Apple Mail to other email clients such as Outlook and Gmail, which are apparently not vulnerable, until the patch rolls out.

Zero-day exploits and text bomb bugs are periodically discovered in iOS. The previous, since-fixed text bomb was more severe, having allowed malicious senders not only to crash a victim’s iPhone but also to disable access to popular apps.

Photo: Unsplash

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.