Malicious link can crash your Apple device

iPhone, iPad and Mac users are in danger: malicious link can crash the device

Malicious link can crash your Apple device

Apple devices are in danger. A malicious link has been noticed spreading via Messages app that can cause iPhone, iPad or Mac freeze. According to the latest data, malware exploits a bug in Apple devices. However, the recent iOS 11.2.5 beta 6 update fixes it.

The news about a malicious link, known as “text bomb,” was reported on Twitter.[1] It included a link to Github page. Typically, activation of malware requires clicking the link, but not this time. Even receiving it in the Message app might cause problems with Apple devices.

Software developer Abraham Masri discovered this bug in Apple device and named it chaiOS. He posted its discovery on GitHub, but it was immediately. Though, Apple knows about the issue and provided the fix in the recent update.

The exploitation of chaiOS bug allows crashing Messages app on both iOS and Mac devices, locking devices screen and similar problems. Fortunately, this issue cannot cause any harmful activities, such as an installation of malware or letting attackers get full control over the device.

This issue seems to be more than a prank than a serious cyber threat. However, people who received this message are advised not to send it to their friends. Instead of that, users should delete the conversation and fix their devices.

Quitting Messages app helps to avoid device crash

It seems that malware takes advantage of Messages feature that allows previewing links. Therefore, receiving the message is enough to freeze your device. In order to avoid this situation, users are suggested to quit Messages app.

Users who got their devices infected are suggested to quit the app, open it again and delete the entire message thread. If you got the malicious link on Mac, you have to right-click on the person’s name and choose to delete conversation option.

If you received a “text” bomb on iOS, you have to swipe to the right on a person’s name in order to find delete conversation option. Additionally, users can protect their devices by blocking Github domain in Parental Restrictions settings:

  1. Go to iPhone’s or iPad’s settings;
  2. Access General.
  3. Navigate to Restrictions.
  4. Tap on Websites.
  5. Choose Limit Adult Content.
  6. Add GitHub.io to the Never Allow list.

However, as we have already mentioned, the recent iOS update is supposed to fix the chaiOS bug. Thus, iOS users are advised not to avoid installation of this recent update.

Similar bugs were detected in the past

chaiOS bug is not the first one that can crash Macs and iPhones. In 2013,[2] Apple devices were crashed by using a string of Arabic characters. This issue was referred to as “Unicode of death” because it crashed web browsers and iMessages. Additionally, email programs were also disturbed by this string of corrupted characters.

In 2015, “Effective power” bug[3] was used for resetting iPhones. Devices were crashed by an Arabic script again. However, it was used more as a prank than a real cyber threat. However, it proves that Apple still struggles with these kinds of bugs for a while. Thus, users are advised to be careful and do not rush opening received links in order to keep their devices running smoothly.

About the author
Olivia Morelli
Olivia Morelli - PC & Mac repair expert

Olivia Morelli is a young, but a perspicacious IT expert who is currently just a year away from a Bachelor’s Degree in Software Systems. Her primary passion is cyber security, however, thanks to her detailed understanding of computer networks, operating systems and hardware, she can find a fix for any PC or Mac issue...

Contact Olivia Morelli
About the company Esolutions

References