Another day, another malicious line of code that, when received, will crash the shit out of your phone. This time, it was posted to Twitter by the bloke who found it.
The software developer, Abraham Masri, found the bug while he was “fuzzing with the operating system”, meaning he was intentionally trying to break it. That’s not an uncommon thing for big nerds to do, but what he probably shouldn’t have done was post the shit to social media.
Dubbed “chaiOS”, the bug crashes your iPhone via iMessage when it receives a link to a GitHub page containing the code. Because iMessage generates a preview of any link it receives, it processes the code without any required action from the user. In other words, you don’t have to tap the link for it to fuck you up.
“The device will freeze for a few minutes. Then, most of the time, it resprings,” Twitter user @aaronp613 – who tested the bug – told BuzzFeed. After that, the app won’t load and will continue to crash. The bug was tested on an iPhone X and iPhone 5s, affecting iOS 10.0 through to 11.2.5 beta 5.
The bug also allegedly affects Mac computers. Unlike the last iMessage bug that behaved similarly to “chaiOS”, this one uses hundreds of thousands of characters inserted into a webpage’s metadata, rather than the short string of Unicode characters.
Because the operating system never really expects to be bombarded with such a huge amount of data, it shits itself in protest.
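For anyone who builds link previews, the defensive takeaway is to cap how much of an untrusted page the preview parser will read and keep. The sketch below is an added example, not Apple's code or anything from Masri's post; the limits, the field list and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed limits for this sketch; a real preview service would tune them.
MAX_HTML_BYTES = 256 * 1024   # stop reading the page after this many bytes
MAX_FIELD_CHARS = 300         # longest title/description the preview keeps
WANTED = {"og:title", "og:description", "og:image", "description"}


class PreviewParser(HTMLParser):
    """Collects <title> and a few <meta> fields, capping each one."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fields, self.truncated = {}, []
        self._in_title, self._title_len, self._title = False, 0, []

    def _store(self, key, raw):
        if len(raw) > MAX_FIELD_CHARS:
            self.truncated.append(key)
        # Slice first so whitespace clean-up never touches the full blob.
        self.fields.setdefault(key, " ".join(raw[:MAX_FIELD_CHARS].split()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta":
            key = attrs.get("property") or attrs.get("name")
            if key in WANTED and attrs.get("content"):
                self._store(key, attrs["content"])

    def handle_data(self, data):
        # Keep at most one character past the cap so _store can flag it.
        if self._in_title and self._title_len <= MAX_FIELD_CHARS:
            chunk = data[:MAX_FIELD_CHARS + 1 - self._title_len]
            self._title.append(chunk)
            self._title_len += len(chunk)

    def handle_endtag(self, tag):
        if tag == "title" and self._in_title:
            self._in_title = False
            self._store("title", "".join(self._title))


def build_preview(raw: bytes) -> dict:
    """Return bounded preview fields for untrusted page bytes."""
    parser = PreviewParser()
    # A fetcher would enforce this cap while reading from the network.
    parser.feed(raw[:MAX_HTML_BYTES].decode("utf-8", errors="replace"))
    parser.close()
    return {"fields": parser.fields, "truncated": parser.truncated,
            "input_truncated": len(raw) > MAX_HTML_BYTES}
```

The `truncated` and `input_truncated` values give whoever renders the preview a signal that the page was oversized, so it can fall back to showing the bare URL.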
The original GitHub link in Masri’s tweet has since been removed, so don’t worry about that one spreading, but there are fears the code has been duplicated and posted elsewhere. In the wrong hands, all that’s needed to grief the shit out of you is your phone number.
If you are unlucky enough to cop the code, you’ll probably have to restore your iPhone to factory settings to get it working properly again. So it’s not going to completely brick your phone, but you might lose all of your images and other things in the restore, which, of course, is a huge pain in the ass.
In light of this, I’d recommend making a backup of your phone as soon as you can. That way, if you do happen to get stung, you can restore your phone to its current state after reverting to factory settings.
You can also try switching on the setting in the tweet below, which will stop the preview being generated, but only if the code is reposted to GitHub.
As for why old mate posted the code in the first place – he reckons Apple has been ignoring his bug reports, so this was simply a way of getting their attention. Sure, I get that, but I’d wager the large majority of users aren’t going to come across such an issue in everyday use, unless some asshole posts it for the world to see.
Stay safe on the line, folks.