{"id":96188,"date":"2019-07-05T19:45:19","date_gmt":"2019-07-05T19:45:19","guid":{"rendered":"https:\/\/appleinsider.com\/articles\/19\/07\/05\/fixed-imessage-bug-bricked-iphones-using-malformed-message"},"modified":"2019-07-05T19:45:19","modified_gmt":"2019-07-05T19:45:19","slug":"fixed-imessage-bug-bricked-iphones-using-malformed-message","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2019\/07\/05\/fixed-imessage-bug-bricked-iphones-using-malformed-message\/","title":{"rendered":"Fixed iMessage bug bricked iPhones using malformed message"},"content":{"rendered":"<p class=\"gray small byline\"> By Malcolm Owen <br \/><span class=\"gray\">Friday, July 05, 2019, 12:45 pm PT (03:45 pm ET)<\/span> <\/p>\n<p> <span><span class=\"article-leader\">Details of a now-patched bug in iMessage have been revealed by a Google Project Zero researcher, a problem that could have forced users to wipe and restore their iPhones to get them working again, if they received a malformed message. 
<br \/><\/span><\/p>\n<div align=\"center\">\n<div class=\"article-img\"><img decoding=\"async\" src=\"http:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/07\/fixed-imessage-bug-bricked-iphones-using-malformed-message.jpg\" alt height=\"368\" class=\"lazy\" data-original=\"http:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/07\/fixed-imessage-bug-bricked-iphones-using-malformed-message-1.jpg\"><img decoding=\"async\" src=\"http:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/07\/fixed-imessage-bug-bricked-iphones-using-malformed-message-1.jpg\"><\/div>\n<p><span class=\"minor2 small gray\"><\/span><\/div>\n<p>Released by <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1826\">Google Project Zero<\/a>, the search company&#8217;s bug and vulnerability-discovery team, the issue relates to a specific type of malformed message that is sent to a victim device. As per usual disclosure rules, the bug was held from public view until either 90 days had elapsed or a patch had been made broadly available to the public, with Apple&#8217;s iOS 12.3 update fixing the bug and allowing it to be revealed. <\/p>\n<p>Specifically, the message contains a property with a key value that is not a string, even though a string is expected. When the method IMBalloonPluginDataSource _summaryText is called, it assumes the key in question is a string, but does not verify that this is the case. <\/p>\n<p>The subsequent call to IMBalloonPluginDataSource replaceHandlewithContactNameInString calls im_handleIdentifiers on the supposed string, which in turn results in a thrown exception. <\/p>\n<p>While the message can affect both Mac and iPhone, it does so in different ways. For macOS, the error causes &#8220;soagent&#8221; to crash and respawn, making it a relatively brief issue where, at worst, the Messages app stops working. 
<\/p>\n<p>On iPhone, the code is in SpringBoard, which will repeatedly load, crash, and reload itself to the point that the UI cannot be displayed and the iPhone ceases to respond to user input. As the problem survives a hard reset, and starts occurring again after unlocking the iPhone, the only known solution is to reboot into recovery mode and restore the device. <\/p>\n<p>As part of the disclosure, Google Project Zero has also released instructions to reproduce the issue. <\/p>\n<p><em>AppleInsider<\/em> recommends that users keep their iPhones up to date where possible, and retain backups of their devices and stored data. <\/p>\n<p>Malformed messages have been the source of some issues for iMessage users in the past. One major example is the &#8220;<a href=\"https:\/\/appleinsider.com\/articles\/18\/05\/09\/black-dot-unicode-bug-crashes-ios-messages-app-using-invisible-characters\">Black Dot<\/a>&#8221; Unicode bug from 2018 that abused invisible characters to crash the app on iPhones and iPads running iOS 11.3. <\/p>\n<p>Another 2018 &#8220;<a href=\"https:\/\/appleinsider.com\/articles\/18\/01\/16\/theres-a-new-malicious-link-that-can-crash-or-hang-messages-and-safari\">text bomb<\/a>&#8221; exploited unoptimized rendering processes for OpenGraph page titles to create excessively long tags, again causing crashes. Another from 2015 used a <a href=\"https:\/\/appleinsider.com\/articles\/15\/05\/26\/bug-in-ios-notifications-handling-crashes-iphones-with-a-simple-text\">single line of Arabic script<\/a> to consume iOS resources when rendering, but only when it appeared as a notification. <\/p>\n<p><\/span> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; By Malcolm Owen Friday, July 05, 2019, 12:45 pm PT (03:45 pm ET) Details of a now-patched bug in iMessage have been revealed by a Google Project Zero researcher, a problem that could have forced users to wipe and restore their iPhones to get them working again, if they received a malformed message. 
Released [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":96189,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[164],"class_list":["post-96188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apple-insider","tag-iphone-ipad-ios"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/96188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=96188"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/96188\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/96189"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=96188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=96188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=96188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}