A bug in Apple’s text rendering engine makes it possible to crash both iOS and Mac systems simply by sending them a specific string of as few as six characters. The likely cause? Buggy code in how Apple renders right-to-left languages such as Arabic.
Paul Ducklin analyses the bug on Sophos’ Naked Security blog. As he notes, while the exact cause isn’t clear, the fact that the strings seen to cause the issue always include an Arabic character. While there’s no evidence of the bug being used maliciously to install other malware, it can definitely create a nuisance:
It can quickly become disruptive, since an offending string can be placed by an outsider into all sorts of otherwise unexceptionable places where you might stumble across it by mistake: web page titles, email subject lines, even Wi-Fi access point names.
Apple hasn’t commented officially on the bug, so we’ll have to hope that it is fixed in a subsequent release. TechCrunch reports that the issues doesn’t seem to affect iOS 7 or Mavericks, and notes that Facebook is already blocking attempts to post the damaging string of characters on its site.
Apple apps turned upside down writing right to left – you’re only 6 characters from a crash! [Naked Security]
Comments
6 responses to “How To Crash iOS Or Mac With One String”
Don’t tell the Syrian electronic army.
sounds like the windows 98 con/con bug on steroids
Ah good old winnuke I used this when someone was beating me at quake, or when someone annoyed me on IRC.
Just don’t call it a virus or malware.. don’t want Apple people thinking their computers are at risk from such things… :p
so what’s the string?
seriously.
Macs are perfect… Apple is perfect… why do say hateful things like this… WHY !!!
LA LA LA… I CAN’T HEAR YOU 😉
Reality is that as much as Apple will tell you it’s not a vector for Malware… any such bug in any OS is always a wedge that smart smart motivated malefiicents will find a way to pry open and do naughty bad things.
Personally I run my Macs without any anitmalware and I enjoy that for now. One day the party will be over and we’ll be installing Symantec the same as Windows.