This New iOS Bug Allowing Attackers To Crash Messaging App of Any iPhone

Another iPhone bug has been discovered by the owner of famous YouTube channel “EverythingApplePro”. This bug is allowing attackers to crash “Messaging App” of any iPhone Model. A single text message is enough to exploit this security bug of iPhone. When the victim clicks on the message, the messaging app will be crashed and he can’t read any text message, MMS, and iMessage. The iPhone will only show a blank white screen. This is a serious flaw because the crashing of the Messaging app will continue even after rebooting the device.

The Whole Scenario

The attackers could exploit this security bug of iPhone by sending so many codes of lines, which are unprocessable by the Messaging App of targeted device. It is possible to send this long code through a contact which is in vCard format. The vCard is a file format standard which has been used in text messaging. When the attacker will send that malicious vCard, the Messaging App will try to open it as usual. The device will not be able to process that vCard and as the result, it will freeze the app.

See the POC Video: https://goo.gl/y7pim6

Is the Rebooting a Solution?

Not at all. This a serious security flaw. The iOS Message App tries to open the most recent text message when the user opens it. If the victim has clicked on the malicious message, still it will be in process and the app will try to open it. But the device can’t process the message. As the result, the app will get a freeze and even after rebooting the device, Message App will remain same and the victim can’t read any message.

In the last week of November, the same security researcher also discovered another security flaw which was freezing Apple devices. The attackers were using a small video clip to exploit this security flaw. All the versions of iOS, expecting “iOS 10.2 Beta 3” were vulnerable to this video clipping attack. The attackers were sending that video link as a short URL through social media or direct text message link. When the victim was clicking on that link, the device was getting crashed.

Any Solution?

We strongly recommend all the iPhone users to not to click on such type of messages. Don’t be panic if you have clicked on it by mistake. There are two ways to fix this freezing problem:

A solution has been provided by the young French developer Vincent (@vincedes3) to solve this problem. Visit “vincedes3.com/save.html”. It will open a new window to cancel the current message reading process. It will delete the malicious message.

You can send a message to yourself in Siri. By doing this, the app will process the latest message and it will cancel the processing of the malicious message. You can also ask someone else to send you a text message.

Source: securityaffairs.co

Similar Articles: