Fix for 'chaiOS' malicious link that crashes Messages coming in next iOS update
The iPhone-crashing "chaiOS" bug in Messages is getting a fix, with Apple confirming that a patch is due "next week" to solve the problem.
The website that induced the bug, once hosted on Github, exploited a bug for OpenGraph page titles by creating an excessively long tag. When Messages attempts to render a preview of the link, the app then crashes or hangs, forcing a reboot.
To clear the problem, users have to delete the conversation in which they received the link and start over. Messages gets top billing, but AppleInsider testing also found Safari and Chrome on macOS to be somewhat vulnerable.
Spread of the exploit has been somewhat limited by Github pulling the site that would cause the crash, but presumably, it can be duplicated elsewhere before the patch is issued by Apple.
It is not clear if the "next week" timetable provided by Apple means a release of iOS 11.2.5 which contains the fix, or if the company will issue iOS 11.2.3 in the meantime.
The website that induced the bug, once hosted on Github, exploited a bug for OpenGraph page titles by creating an excessively long tag. When Messages attempts to render a preview of the link, the app then crashes or hangs, forcing a reboot.
To clear the problem, users have to delete the conversation in which they received the link and start over. Messages gets top billing, but AppleInsider testing also found Safari and Chrome on macOS to be somewhat vulnerable.
Spread of the exploit has been somewhat limited by Github pulling the site that would cause the crash, but presumably, it can be duplicated elsewhere before the patch is issued by Apple.
It is not clear if the "next week" timetable provided by Apple means a release of iOS 11.2.5 which contains the fix, or if the company will issue iOS 11.2.3 in the meantime.
Comments