ChaiOS Bug Can Cause iMessage App Crash Loop

Software developer Abraham Masri discovered a bug that affects Apple devices. Reminiscent of the old “Effective Power” bug that could crash the iMessage app, the ChaiOS bug is another text bomb that, when sent to other users, will cause the recipient's application to crash in a continuous loop.

Masri demonstrated the proof of concept bug by creating a webpage hosted on GitHub and stuffed the site’s metadata with hundreds of thousands of unnecessary characters. The software developer said that the app crashes when trying to load all the unexpected information and that it was capable of crashing the whole operating system. MacRumors tested the bad link, and saw how the bug reliably caused the Messages app to freeze entirely.

ChaiOS also affects MacOS. Apple rolled out fixes to address the flaw for iOS 11.2.5 beta 6. Meanwhile, a final release is expected sometime soon with iOS 11.2.5 and MacOS High Sierra 10.13.3, watchOS 4.2.2, and tvOS 11.2.5.

According to Trend Micro Mobile researcher Lilang Wu, malformatted characters in the message causes the Webkit HTML engine to crash when the link is opened in Safari. However, Wu added that since the HTML file contains multiple malformatted characters, CoreText (which creates text layouts using character-to-glyph conversion, and then positions the glyphs in lines and paragraphs) will spend more CPU resources to match fonts for them. This results in the HTML to freeze the app or cause it to crash.

While Apple's ecosystem relatively sees fewer vulnerabilities and attacks, it's not perfect. For instance, last year, a malicious profile known as by iXintpwn/YJSNPI (detected by Trend Micro as TROJ_YJSNPI.A) rendered an iOS device unresponsive. A separate iOS malware discovered in 2016 exploits a vulnerability in Apple’s Digital Rights Management (DRM) mechanism, allowing attackers to install malicious apps on the device after bypassing security measures. In 2017, Trend Micro also discovered a new variant of the iXintpwn/YJSNPI (detected by Trend Micro as IOS_YJSNPI.A) that lures users into downloading repackaged apps

The bug is a proof concept, and doesn’t seem to serve any other purpose but to irritate and prank Apple users. Users with devices affected by ChaiOS can quit the iMessage app on Mac or iOS, open it again, and delete the entire message thread. On Mac, swipe right on the trackpad or right click on to the person’s name to delete the conversation. While on iOS, swipe right on a person’s name to bring up the delete option.

Trend Micro solutions for iOS and Mac devices

iOS users can take advantage of mobile security solutions such as Trend Micro™ Mobile Security for Apple devices for Apple devices (available on the App Store). Likewise, Trend Micro’s Mobile App Reputations Service (MARS) covers iOS threats using leading sandbox and machine learning technology. It protects users against malware, zero-day and known exploits, privacy leaks, and application vulnerability.

Trend Micro™ Mobile Security for Enterprise provides device, compliance, and application management, data protection, and configuration provisioning. It also protects devices from attacks that leverage vulnerabilities, prevents unauthorized access to apps, as well as detects and blocks malware and fraudulent websites.

Trend Micro Antivirus for Mac is powered by the Smart Protection Network, with constantly updated threat intelligence that can catch malware before it gets out of hand. Accordingly, it protects against identity theft, malicious websites, and excessive privacy invasions.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Опубликовано в Vulnerabilities & Exploits, Mobile, iOS, Mac OS