The so-called ChaiOS message bug identified this week in Apple iOS devices will receive a fix with the rollout of the update for iOS 11.2.5, expected next week.

The update will address a flaw software developer Abraham Masri publicly identified in a tweet earlier this week, according to multiple published reports. The flaw causes the iMessage app on iOS devices to freeze, crash or restart.

Macs are also affected. A macOS High Sierra 10.13.3 update is expected later this month to fix the flaw.

Both Buzzfeed and MacRumors are reporting Apple confirmed an iOS fix would be available next week. While Apple won’t divulge specifics on the fix, news site WCCFTECH and others confirm that iOS 11.2.5 Beta 6, released late Wednesday, fixes the bug.

Apple did not return requests for comment.

The ChaiOS message bug, also called a “text bomb” flaw, made headlines Tuesday when Masri posted a hyperlink to code on his GitHub repository that activated the flaw. Recipients receiving messages via the iMessage app containing the link to the malicious code hosted on GitHub reported devices freezing and in some cases crashing. Recipients only needed to receive the malicious messages for the flaw to work; clicking on the link wasn’t required.

Meanwhile, Mac users reported the bug made their Safari browser crash or caused systems to slow down.

Since the initial report, Masri has removed the malicious code from his GitHub repository, but there is concern the code may be reposted elsewhere.

The bug’s impact on systems appears to be mostly a nuisance, with no reported side effects other than system freezes, crashes and restarts. Recipients of the malicious hyperlink need to quit the iMessage app and delete the conversation to correct the problem.

According to Masri, the flaw takes advantage of Apple software developer guidelines that allowed a programmer to insert extra characters into a website’s HTML in order to customize the thumbnail image and title associated with hyperlink previews seen inside the iMessage app.

Masri was able to create iMessage “text bombs” by inputting hundreds of thousands of characters into a webpage’s metadata instead of just a few. That overloaded the app and caused iOS and macOS to generate multiple errors.
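The defensive counterpart to the behaviour described above is to bound both the page and each metadata field before a preview is built. The following is an added example, not Apple's fix or code from the article; the limits, the `PreviewParser` and `extract_preview` names, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed limits, chosen for illustration; not values from Apple or the article.
MAX_HTML_CHARS = 64 * 1024   # how much of a fetched page is ever parsed
MAX_FIELD_CHARS = 200        # longest title/description a preview will hold
PREVIEW_KEYS = {"og:title", "og:description", "og:image", "description"}

class PreviewParser(HTMLParser):
    """Collects link-preview metadata while enforcing a per-field cap."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fields, self.oversized, self._in_title = {}, set(), False

    def _add(self, key, text):
        current = self.fields.get(key, "")
        if len(current) + len(text) > MAX_FIELD_CHARS:
            self.oversized.add(key)          # record it for logging/alerting
        self.fields[key] = (current + text)[:MAX_FIELD_CHARS]

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "meta":
            a = dict(attrs)
            key = (a.get("property") or a.get("name") or "").lower()
            if key in PREVIEW_KEYS and key not in self.fields:  # first one wins
                self._add(key, a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self._add("title", data)

def extract_preview(html):
    """Return bounded preview fields plus flags for anything that was cut."""
    parser = PreviewParser()
    parser.feed(html[:MAX_HTML_CHARS])       # never parse past the page cap
    parser.close()
    return {"fields": parser.fields, "oversized": sorted(parser.oversized),
            "page_truncated": len(html) > MAX_HTML_CHARS}

# Constructed sample page: normal title, oversized description.
SAMPLE_PAGE = ("<html><head><title>Constructed sample page</title>"
               '<meta property="og:description" content="' + "x" * 5000 + '">'
               "</head><body></body></html>")

if __name__ == "__main__":
    print(extract_preview(SAMPLE_PAGE))
```

The `oversized` and `page_truncated` flags give a mail gateway or messaging backend something to log or alert on when a linked page carries metadata far beyond what a preview needs.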

Source: ThreatPost
