AppleInsider - Fixed iMessage bug bricked iPhones using malformed message

#1
Fixed iMessage bug bricked iPhones using malformed message

<div>
<p class="gray small byline"> By Malcolm Owen <br /><span class="gray">Friday, July 05, 2019, 12:45 pm PT (03:45 pm ET)</span> </p>
<p> <span><span class="article-leader">A Google Project Zero researcher has published details of a now-patched iMessage bug: a single malformed message could leave an iPhone unusable, forcing its owner to wipe and restore the device to get it working again. <br /></span></p>
<p>Disclosed by <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1826">Google Project Zero</a>, the search company's bug and vulnerability-discovery team, the issue concerns a specific kind of malformed message sent to the victim's device. Under Project Zero's usual disclosure policy, the report was withheld from public view until either 90 days had elapsed or a patch was broadly available; Apple fixed the bug in its iOS 12.3 update, which allowed the details to be published. </p>
<p>Specifically, the message contains a property whose value is not a string, even though a string is expected. The method IMBalloonPluginDataSource _summaryText assumes the value stored under that key is a string, but never verifies that this is the case. </p>
<p>_summaryText then calls IMBalloonPluginDataSource replaceHandlewithContactNameInString, which invokes im_handleIdentifiers on the supposed string. Because the object is not actually a string, that call throws an exception. </p>
<p>The same message affects both Mac and iPhone, but with different results. On macOS the exception crashes "soagent", which simply respawns, so the disruption is brief and at worst the Messages app stops working for a moment. </p>
<p>On iPhone the affected code runs inside SpringBoard, which repeatedly loads, crashes and reloads until the UI can no longer be displayed and the phone stops responding to user input. The problem survives a hard reset and begins again as soon as the phone is unlocked, so the only known way to recover is to boot into recovery mode and restore the device. </p>
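<p>To make the failure described in the preceding paragraphs concrete, the following is an added Python example; it is not code from the original article or from Project Zero, and iMessage itself is Objective-C. It models the message body as a property list (an assumption), with <code>summary_text_unchecked</code> standing in for the unchecked string assumption in <code>_summaryText</code> and <code>summary_text_checked</code> showing the type validation that prevents it. <code>drain_message_store</code> is a toy supervisor illustrating why a persistent message store turns one exception into the relaunch loop seen on iPhone rather than the one-off crash seen on macOS. All function names, keys and sample payloads are constructed for the example.</p>

```python
import plistlib

# Constructed sample payloads (not the Project Zero proof of concept). The
# message body is modelled as a property list; the "summary" property is
# expected to be a string. The second payload carries an integer instead.
CONTACTS = {"+15551234567": "Alice"}
GOOD_PAYLOAD = plistlib.dumps({"summary": "Call from +15551234567", "v": 1})
BAD_PAYLOAD = plistlib.dumps({"summary": 4815162342, "v": 1})


class MalformedMessage(ValueError):
    """Raised by the hardened parser when a message fails validation."""


def replace_handle_with_contact_name(text, contacts):
    """Stand-in for replaceHandlewithContactNameInString: rewrite any known
    handle (phone number or e-mail) in the summary to the contact's name."""
    for handle, name in contacts.items():
        text = text.replace(handle, name)
    return text


def summary_text_unchecked(raw, contacts=CONTACTS):
    """Vulnerable pattern, mirroring _summaryText: assumes the property is a
    string and calls a string method on it. For BAD_PAYLOAD this raises
    AttributeError ('int' has no attribute 'replace'), the Python analogue
    of the exception that im_handleIdentifiers threw on a non-string."""
    payload = plistlib.loads(raw)
    return replace_handle_with_contact_name(payload["summary"], contacts)


def summary_text_checked(raw, contacts=CONTACTS):
    """Hardened version: check the type of every externally supplied value
    before calling methods on it, and turn bad input into a recoverable
    error instead of an uncaught exception."""
    try:
        payload = plistlib.loads(raw)
    except Exception as exc:  # plistlib raises several unrelated types
        raise MalformedMessage("body is not a property list") from exc
    if not isinstance(payload, dict):
        raise MalformedMessage("top-level object is not a dictionary")
    summary = payload.get("summary")
    if not isinstance(summary, str):
        raise MalformedMessage(
            f"summary is {type(summary).__name__}, expected str")
    return replace_handle_with_contact_name(summary, contacts)


def drain_message_store(store, handler, max_relaunches=3):
    """Toy supervisor: the store is persistent, so a process that dies on a
    message is relaunched and re-reads the same message. Returns
    (summaries, relaunches, quarantined)."""
    store = list(store)
    summaries, quarantined, relaunches = [], [], 0
    while store and relaunches < max_relaunches:
        raw = store[0]
        try:
            summaries.append(handler(raw))
            store.pop(0)                        # consumed only on success
        except MalformedMessage:
            quarantined.append(store.pop(0))    # drop it, keep running
        except Exception:                       # uncaught: process dies ...
            relaunches += 1                     # ... relaunches, store intact
    return summaries, relaunches, quarantined
```

<p>Running <code>drain_message_store([GOOD_PAYLOAD, BAD_PAYLOAD], summary_text_unchecked)</code> processes the good message once and then hits the relaunch cap with the bad message still at the head of the store, which is the shape of the SpringBoard loop; the checked handler instead quarantines the bad message and keeps going. The lesson is the one the bug teaches: anything deserialized from a remote message is untrusted, so each property's type must be verified before it is used.</p>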
<p>As part of the disclosure, Google Project Zero has also released instructions to reproduce the issue. </p>
<p><em>AppleInsider</em> recommends users keep their iPhones up to date where possible, and to retain backups of their devices and stored data. </p>
<p>Malformed messages have been the source of some issues for iMessage users in the past. One major example is the “<a href="https://appleinsider.com/articles/18/05/09/black-dot-unicode-bug-crashes-ios-messages-app-using-invisible-characters">Black Dot</a>” Unicode bug from 2018 that abused invisible characters to crash the app on iPhones and iPads running iOS 11.3. </p>
<p>Another 2018 "<a href="https://appleinsider.com/articles/18/01/16/theres-a-new-malicious-link-that-can-crash-or-hang-messages-and-safari">text bomb</a>" abused the way Messages rendered OpenGraph page titles, using an excessively long title to trigger crashes. A 2015 bug used a <a href="https://appleinsider.com/articles/15/05/26/bug-in-ios-notifications-handling-crashes-iphones-with-a-simple-text">single line of Arabic script</a> that exhausted iOS resources during rendering, but only when it appeared in a notification. </p>
<p></span> </p>
</div>