Coding error locks author with last name 'True' out of iCloud

Posted:
in iCloud edited March 6
A seeming flaw in iCloud's coding has seemingly prevented an author from being able to access her account, due to its interpretation of her surname "True."




Author Rachel True complained on Twitter about not being able to log into her iCloud account. According to tweets since February 27, the author has been unable to access her account for six months, for what appears to be a coding issue.

One tweet raising the issue shows a diagnostic screen stating "iCloud has stopped responding," offering to send diagnostic data to Apple, reports iMore. The details section of the window mentions "cannot set value true' to property lastName' as part of what would be sent off.

Anyone else getting this error from Apple iCloud ? In past or now?
I'm 6 months deep freeze & looking for any help.
I rem dead coding languages like kobalt.. & this seems like an Apple coding issue -- not hardware pic.twitter.com/05EJmG3d6Y

-- Rachel True (@RachelTrue)


It appears that iCloud is interpreting the last name of "true" as a boolean flag rather than as a text string, which the program cannot properly interpret and breaks.

True claims she has been on the phone to Apple's customer care for multiple hours about the problem, but to no avail. Later tweets has the author proposing a bug has been identified and could qualify her for a bug bounty reward.

As of March 6, True still doesn't have any access to the account, but was informed Apple will get in touch on Monday or Tuesday with further assistance.
«13

Comments

  • Reply 1 of 42
    elijahgelijahg Posts: 2,011member
    Someone has missed out quotation marks near the use of "lastName". The ease of implicit typecasting in some languages eventually comes back to bite you in the ass. Could probably inject some JS to fix it.
  • Reply 2 of 42
    nguyenhm16nguyenhm16 Posts: 203member
    She should commiserate with Bobby Tables:
    https://xkcd.com/327/
    rcfabeowulfschmidtfastasleep
  • Reply 3 of 42
    She could try using the AppleID site to change her last name to _True 
    watto_cobraFileMakerFeller
  • Reply 4 of 42
    larryalarrya Posts: 581member
    Last week I couldn’t see a custom column in MS Project’s object model because I named it “Application”. 
    watto_cobraFileMakerFeller
  • Reply 5 of 42
    Can't phone support get you to the correct person to solve this? If not email Tim Cook, Eddy Cue and Craig Federighi with a detailed explanation and someone from the executive team will call you - it won't be one of those three but it will be someone that in fact can get this solved. I had a super super super weird issue once and emailed them and sure enough someone called me who assured me that while she didn't know how to fix it, she verified the super super super weird issue and assured me she has smart people that she can contact and get it solved for me. Sure enough, they did! It may have helped them solve a criminal enterprise situation in China too.
    watto_cobracornchipjas99FileMakerFeller
  • Reply 6 of 42
    Just curious. Does John False have the same problem.
    watto_cobraabracadabragc_ukjas99FileMakerFeller
  • Reply 7 of 42
    Rayz2016Rayz2016 Posts: 6,679member
    Dear Apple. 

    Do better.  

    (signed: Ebenezer Eustace Nullpointerexception)
    KaseyKeiserjas99FileMakerFeller
  • Reply 8 of 42
    lkrupplkrupp Posts: 8,925member
    Amazing how these outlying, one off cases gain immediate traction. And she now thinks she’s entitled to a bug bounty?
    watto_cobra
  • Reply 9 of 42
    DAalsethDAalseth Posts: 1,463member
    For a long time the name of my home network was Null. It worked too, on a couple of occasions I had to let a coworker in to do some remote work on one of my systems, and the connection would choke when they put Null in for the network name. 
    watto_cobrafirelock
  • Reply 10 of 42
    elijahgelijahg Posts: 2,011member
    lkrupp said:
    Amazing how these outlying, one off cases gain immediate traction. And she now thinks she’s entitled to a bug bounty?
    Why not? It's a bug.
    firelockmuthuk_vanalingamCloudTalkinjas99
  • Reply 11 of 42
    dewmedewme Posts: 3,453member
    This is a very embarrassing defect that should have been caught with proper interface testing. This is exactly the kind of bug that fuzz testing will help identify, i.e., innocuous strings being misinterpreted as commands or logic. It's also a classic case of the developers/testers not properly recognizing an ingress point into their processing. Everything that gets presented to the processing through an external mechanism, whether through interfaces, APIs, or caller supplied content (including text, graphics, attachments, links, files, etc.) is an ingress point that must be validated and handled properly.

    When you look at broad swaths of security vulnerabilities you'll often see that the developer/programmer failed of recognize, overlooked, or ignored a very fundamental thing, like an ingress mechanism or an execution path, i.e., an execution path exposed during exception or crash handling or default unwinding by the OS or runtime engine. Failing to account for these exceptional conditions is what I call "Happy Path Programming." Unfortunately there's been way too much grief and sadness that comes from happy path programming.
    jas99FileMakerFeller
  • Reply 12 of 42
    rivertriprivertrip Posts: 123member
    elijahg said:
    lkrupp said:
    Amazing how these outlying, one off cases gain immediate traction. And she now thinks she’s entitled to a bug bounty?
    Why not? It's a bug.
    Verdad!
  • Reply 13 of 42
    palegolaspalegolas Posts: 1,315member
    Ouch, this is pretty poor. Feels like in the hands of someone malicious, blunders like this is what hackers are looking for.
    jas99
  • Reply 14 of 42
    crowleycrowley Posts: 7,510member
    lkrupp said:
    Amazing how these outlying, one off cases gain immediate traction. And she now thinks she’s entitled to a bug bounty?
    Outlying one-off cases are what security breaches are made of. It is definitely a bug.

    Try being less bitter.
    cornchipelijahgCloudTalkinDogpersonmuthuk_vanalingamuraharafahlmanFileMakerFeller
  • Reply 15 of 42
    Like many companies, Apple has built a firewall between their tech support and their developers for reasons no one can fathom. If you have tried to give a bug report to a tech support person, you will know what I mean. They insist on trying to solve the problem which they can't because it's a bug and they don't have the source code in front of them. You would think that tech support could easily file bug reports and would be encouraged to do so but no. That would be unthinkable!
    FileMakerFeller
  • Reply 16 of 42
    netroxnetrox Posts: 996member
    What are the conditions of bug bounty that allow her to receive the bounty? 


  • Reply 17 of 42
    Can John False confirm the issue? 
    Edit: Epotenziani beat me to it. We must be friends with the same person...
    edited March 7 netrox
  • Reply 18 of 42
    MarvinMarvin Posts: 14,423moderator
    elijahg said:
    lkrupp said:
    Amazing how these outlying, one off cases gain immediate traction. And she now thinks she’s entitled to a bug bounty?
    Why not? It's a bug.
    Disclosing it publicly looks like it disqualifies it:

    https://developer.apple.com/security-bounty/

    "Not disclose the issue publicly before Apple releases the security advisory for the report."

    It also has to be a bug that gives access to secure info, it can't just be any random bug. This probably doesn't do that, it's just assuming it's a boolean type instead of string and failing to assign it. Databases run checks for input types. She claims it's not allowing login so that suggests it was able to store it in the database originally and it's the login from the device that's not allowing it to access it.

    I'd have expected a bug like that to be fixed sooner than months but they probably get millions of bug reports every day and they will have to filter the ones that reach the people capable of fixing it.
    netrox
  • Reply 19 of 42
    dysamoriadysamoria Posts: 3,138member
    This crap just never ends. It's amazing how things can go wrong, and it's irritating how there's zero accountability. In fact, there are armies of geeks out there to defend their pet tech from reasonable criticism, or just defend programming/tech in general.

    Semi-related issue of my own:
    I haven't been able to log into the iCloud.com website on my Macs for months. It started with my iMac, then also my MacBook Pro. I don't think iOS will let you even try, but by now I am sick of trying. It's not just me, as I've seen people post about it elsewhere (and they apparently had to call Apple Support, which I'm not keen to do just out of how much anxiety these kinds of obstructionist phone systems generate for me, though it supposedly should be a free call because it's about services).

    So far, no news sites want to make an issue about it to embarrass Apple into addressing it. Luckily, I don't currently NEED to log in to iCloud.com, but some day I might. I assume I will have to use someone else's computer. I don't even get the login box from my Macs.
    elijahg
  • Reply 20 of 42
    dysamoriadysamoria Posts: 3,138member
    PS: The comment posting function on the article page seems not to work. It filled the box with some other page, which said "the conversation has been closed".
Sign In or Register to comment.