The bug affecting Apple products has been christened ‘chaiOS’.
A newly discovered security flaw has been flagged by software developer Abraham Masri. Masri had tweeted about the problem, which can cause iPhones to crash and then restart in some cases.
Masri posted a link to his code on the programming site GitHub, and in many cases the link to that specific page was all that was needed to crash the iMessage application.
Masri’s account was suspended but restored a few hours afterwards.
He said, “I made my point. Apple needs to take such bugs more seriously.” He explained he only published the alert to force Apple into dealing with his initial bug report.
A major nuisance
Users don’t even need to click on the link itself within iMessage, as the pressure put on the device from the preview alone is apparently sufficient to throttle it.
On a Mac, the bug also slows the Safari web browser down and drains battery levels. Although the bug is not a security risk, it can be a major nuisance if encountered.
When criticised for uploading the code to GitHub, Masri said he always reports bugs before releasing them.
The bug I released was to get @Apple's attention. It's just an html file. @Github always hosted jailbreaks (even .ipa files) that might've included malware. I don't understand why you'd ban my account.
Btw, I always report bugs before releasing them.
— Abraham Masri (@cheesecakeufo) January 17, 2018
The link to the malicious code became widely circulated on social media, and Masri responded by removing the code from GitHub. This renders the attack useless unless someone were to copy the code and post it on another platform to be disseminated again.
Latest Apple bug not a security risk
Security expert Graham Cluley posted about the bug: “Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.”
Cluley also said not to be surprised if a security update is rolled out by Apple in the near future to fix this issue.
This bug, while not a security issue, is a problem for Apple following the root access flaw in its High Sierra OS for Mac computers. The flaw allowed anyone with physical access to a Mac to gain privileged system administrator access without entering so much as a password.