Bug in iOS Unicode handling crashes iPhones with a simple text

Posted:
in iPhone edited June 2015
A peculiar iOS bug apparently that allows pranksters to crash a victim's iPhone by sending a text message from their own iPhone containing what appears to be a single line of seemingly innocuous Arabic script.




AppleInsider reader Kaitlyn on Tuesday discovered that receiving the Unicode characters seen in the screenshot above through Apple's iOS Messages app triggers iPhone restarts, lockouts from Messages, Springboard crashes and more.

A thread on Reddit narrowed down the system crash and reboot errors to iOS Unicode handling. More specifically, the Unicode string in question is part of a much longer block of text that cannot be fully rendered in Notifications.

When a text or iMessage containing the text string is received and presented in the lock screen or as a drop-down notification, iOS gobbles up resources trying to render the message, ultimately causing Springboard to crash. The same line of code doesn't cause problems when received as part of a normal Messages conversation, suggesting the issue lies in part with iOS Notifications.

Some suggest turning off Messages previews for Notifications, though our tests have not shown this process to be effective. If Messages has already crashed, however, AppleInsider has confirmed that receiving a new message, sending out a picture from Photos or sending yourself a message through Share Sheets will stop the process.
«1

Comments

  • Reply 1 of 36
    roakeroake Posts: 624member
    The text says, "Allah praise our great Muslim leader, Obama!"

    Apple is just resisting socialism by letting this crash the phone.
  • Reply 2 of 36
    roake wrote: »
    crash the phone.

    As the Joker would say, very poor choice of words. :lol:
  • Reply 3 of 36

    It's says "Apple is doomed buy Samsung's copy instead" in Arabic.

  • Reply 4 of 36
    pscooter63pscooter63 Posts: 912member
    Gee, I wonder if more memory would help.
    /s
  • Reply 5 of 36
    slurpyslurpy Posts: 5,115member
    roake wrote: »
    The text says, "Allah praise our great Muslim leader, Obama!"

    Apple is just resisting socialism by letting this crash the phone.

    Thanks for that brain cell killing trash post.

    And as someone who can read Arabic, you can all rest assured that message is nothing but random letters.
  • Reply 6 of 36
    torsteinotorsteino Posts: 18member
    pscooter63 wrote: »
    Gee, I wonder if more memory would help.
    /s
    Most likely not.
  • Reply 7 of 36
    rogifanrogifan Posts: 10,669member
    And just to show how dumb today's society is, there are people intentionally trying to crash their phone with this. WTF? Unless you work at Apple and are responsible for fixing software bugs why on earth would you try to replicate this?
  • Reply 8 of 36
    MarvinMarvin Posts: 14,208moderator
    I don't understand why this kind of bug keeps cropping up:

    http://arstechnica.com/apple/2013/08/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters/

    They have access to the whole alphabet before they deploy this, how hard is it to run a whole series of character strings through it to check if it crashes? Worst case if Messages detects a crash 2 or 3 times, have a procedure to collapse the last few messages to allow the app to open and delete the offending message. Or have the text rendering process separate from the app the way the Safari content engine is so it can crash by itself and leave the app open.
  • Reply 9 of 36
    lightknightlightknight Posts: 2,312member
    Quote:

    Originally Posted by Rogifan View Post



    And just to show how dumb today's society is, there are people intentionally trying to crash their phone with this. WTF? Unless you work at Apple and are responsible for fixing software bugs why on earth would you try to replicate this?



    1- Because it's better to know what causes the crash in order to avoid it

    2- Because the lack of understanding gnaws at the soul of any scholar, researcher, and hacker worth its salt

    3- Because a bug report is much more likely to be useful if it states the exact problem rather than "my iMessages sucks it crashes I liked my Samsung better"

    4- Because programmers like to debug stuff, even if it's not their awful mess (and it would seem that Apple has a few awful messes laying around, based on the security issues we've read of here), which is a good thing (if you need an analogy, your sentence reads a bit like "journalists are intentionally spreading rumours of trouble with this.WTF? Unless you work at the Government and are responsible for lawful presidential conduct why on earth would you try to uncover this?").

     

    In other words, people narrowing bugs down is a good thing.

  • Reply 10 of 36
    rogifanrogifan Posts: 10,669member

    1- Because it's better to know what causes the crash in order to avoid it
    2- Because the lack of understanding gnaws at the soul of any scholar, researcher, and hacker worth its salt
    3- Because a bug report is much more likely to be useful if it states the exact problem rather than "my iMessages sucks it crashes I liked my Samsung better"
    4- Because programmers like to debug stuff, even if it's not their awful mess (and it would seem that Apple has a few awful messes laying around, based on the security issues we've read of here), which is a good thing (if you need an analogy, your sentence reads a bit like "journalists are intentionally spreading rumours of trouble with this.WTF? Unless you work at the Government and are responsible for lawful presidential conduct why on earth would you try to uncover this?").

    In other words, people narrowing bugs down is a good thing.

    No I'm specifically talking about the average Joe who hears about this on AI or MR and then tries to replicate it. Stupid.
  • Reply 11 of 36
    lightknightlightknight Posts: 2,312member
    Quote:

    Originally Posted by Rogifan View Post





    No I'm specifically talking about the average Joe who hears about this on AI or MR and then tries to replicate it. Stupid.

    Oh, I understand your point now. I guess if it teaches something to them as well, like the fact there even is a difference between encodings, the existence of Unicode ( and UTF-8 being compatible with ASCII, and some characters like ? being platform dependent...) and ISO 8859-6 (or whatever else they used to generate the Arabic in the first place), it's not entirely lost, but it's sadly likely that Average Joe will indeed just try to find a pre-made "crash string" to send to his friends and not even try to understand the logic behind the problem...

  • Reply 12 of 36
    fordeefordee Posts: 15member
    Marvin> Do you know how many thousand Unicode characters there are? Impossible to try combinations of more than a few characters.
  • Reply 13 of 36
    Quote:

    Originally Posted by Rogifan View Post



    And just to show how dumb today's society is, there are people intentionally trying to crash their phone with this. WTF? Unless you work at Apple and are responsible for fixing software bugs why on earth would you try to replicate this?



    Clearly for the lulz. I fail to see why this is a big deal - except for Apple's reputation.

  • Reply 14 of 36
    MarvinMarvin Posts: 14,208moderator
    fordee wrote: »
    Marvin> Do you know how many thousand Unicode characters there are? Impossible to try combinations of more than a few characters.

    They wouldn't have to test every character that's supported, just every character that is in active use and they can flag characters outside their tested set for added checking. The combinations would still reach trillions of trillions but supercomputers can crunch through quadrillions of computations per second now so they could test a significant range. The easiest way would probably be to have a buffered rendering step so they'd take the string, run a new process and render it there first. If that process renders ok, either use the result or run it again in the main app. If that separate process crashes or fails in some way, just put up a message saying that the string failed to render.
  • Reply 15 of 36
    nolamacguynolamacguy Posts: 4,758member
    rogifan wrote: »
    No I'm specifically talking about the average Joe who hears about this on AI or MR and then tries to replicate it. Stupid.

    er, no - the average joe spends zero time on tech rumor sites. generally we're techies here, and we like to play with things like this for fun.
  • Reply 16 of 36
    mobiusmobius Posts: 377member
    rogifan wrote: »
    And just to show how dumb today's society is, there are people intentionally trying to crash their phone with this. WTF? Unless you work at Apple and are responsible for fixing software bugs why on earth would you try to replicate this?
    Fun
  • Reply 17 of 36
    muadibemuadibe Posts: 132member
    So what genius decided to print the actual text in an article? Seems pretty irresponsible.
  • Reply 18 of 36
    krreagankrreagan Posts: 218member
    Quote:
    Originally Posted by Rogifan View Post



    And just to show how dumb today's society is, there are people intentionally trying to crash their phone with this. WTF? Unless you work at Apple and are responsible for fixing software bugs why on earth would you try to replicate this?

    Why not? People are curious and this seems harmless enough to send to _yourself_. As long as there is an "out" who cares.

  • Reply 19 of 36
    sirlance99sirlance99 Posts: 1,142member
    muadibe wrote: »
    So what genius decided to print the actual text in an article? Seems pretty irresponsible.

    It's on Reddit and every other publication about this (which is about 5 now) that I've read. Not hard to find at all.
  • Reply 20 of 36
    waterrocketswaterrockets Posts: 1,231member
    Quote:
    Originally Posted by krreagan View Post

     

    Why not? People are curious and this seems harmless enough to send to _yourself_. As long as there is an "out" who cares.


     

    It's also pretty funny any time you can control someone else's experience as a prank. When I was an intern engineer back in the day, we used to "net send" all sorts of silly stuff to the artists on the team, who were not up on the technical tools.

Sign In or Register to comment.