A bug in Apple’s text rendering engine makes it possible to crash both iOS and Mac systems simply by sending them a specific string of as few as six characters. The likely cause? Buggy code in how Apple renders right-to-left languages such as Arabic.
Paul Ducklin analyses the bug on Sophos’ Naked Security blog. As he notes, while the exact cause isn’t clear, the fact that the strings seen to cause the issue always include an Arabic character. While there’s no evidence of the bug being used maliciously to install other malware, it can definitely create a nuisance:
It can quickly become disruptive, since an offending string can be placed by an outsider into all sorts of otherwise unexceptionable places where you might stumble across it by mistake: web page titles, email subject lines, even Wi-Fi access point names.
Apple hasn’t commented officially on the bug, so we’ll have to hope that it is fixed in a subsequent release. TechCrunch reports that the issues doesn’t seem to affect iOS 7 or Mavericks, and notes that Facebook is already blocking attempts to post the damaging string of characters on its site.