iPhone character entry glitch crashes search, but it's not a bad bug

Jump to First Reply
Posted:
in iOS

A recently discovered bug in iOS and iPadOS has been causing brief and mostly inconsequential crashes when a sequence of characters is typed into specific search fields.

An iPhone displaying a virtual keyboard with a search bar above it, set against a purple background.
A small bug is affecting iOS search



On August 21, 2024, a security researcher reported that typing the characters "":: into the Search bar within the Settings app or the App Library search bar on the home screen would cause the Apple mobile interface, Springboard, to momentarily crash. The device then reloads quickly, returning the user to the lock screen.

Our testing of the bug revealed that typing these characters did indeed cause a quick crash, meaning Settings closed and Spotlight returned to the Home Screen. However, there are mixed results.

We tried it on an iPhone and iPad running the latest iOS 18.1 developer beta and one running iOS 17.6.1. Some people said that only Settings and Spotlight crashed, while others found that it also crashed the App Library. There does not appear to be commonality between what crashes, on which device, running which operating system.

Security researcher Konstantin first shared the news via X.



There's currently no fix for this bug, but it's worth noting that it's not a significant issue. Users can avoid typing these characters into the search bars within the Settings app or the App Library on their iPhones or iPads to escape the problem.

Now that the bug is getting attention, Apple will fix it in some upcoming software update.



Read on AppleInsider

Comments

  • Reply 1 of 7
    mike1mike1 Posts: 3,472member
    OK. I'll try not to do that.
    tokyojimuwatto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 2 of 7
    eriamjheriamjh Posts: 1,817member
    How am I supposed to find my “”::s if I can’t search for them?
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 3 of 7
    Why would someone search for  this and how did they find it in the first place? 
    watto_cobramike1
     2Likes 0Dislikes 0Informatives
  • Reply 4 of 7
    Ooo fun 🤩 time to trick people
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 5 of 7
    netroxnetrox Posts: 1,543member
    I was able to replicate the bug in App Library. It's interesting how quickly it reloads though. 
     
    I agree, the bug is not so significant. It's hard to imagine how you would benefit from using that specific string.


    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 6 of 7
    sbdudesbdude Posts: 306member
    Who is typing random characters into search bars to come up with this?
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 7 of 7
    dewmedewme Posts: 5,950member
    sbdude said:
    Who is typing random characters into search bars to come up with this?
    It’s not necessarily a “who” but more likely a “what” in the form of software testing tools that employ what’s known as fuzzing or fuzz testing. These tools essentially try to find character sequences that cause a process to crash when using the processes exposed interfaces. 

    Obviously it would take an enormous amount of computing resources to fuzz test something using a black box. Having some knowledge of how the underlying code should work helps constrain the fuzz testing to a smaller range so the number of tests is reasonable in the allotted time. 

    So the answer to your question is that throwing “random characters” at a software interface is a completely rational thing to do in certain cases. I’d imagine that there are a few people who employ fuzzing tools to find bugs in other people’s apps, especially in the security domain. In fact, the characters and character sequences used are likely not as random as the appear. Certain characters, mostly non alphabetical ones, are used as escape characters to instruct a text based parser to interpret to perform more than simply grab the characters as state text. 
    edited August 2024
    IreneW
     1Like 0Dislikes 0Informatives
Sign In or Register to comment.