Apple ‘chaiOS’ flaw can crash your iPhone and macOS with a single text message


Abraham Masri (security researcher and software developer) has found a security issue called “chaiOS Text Bomb” in Apple’s operating systems (iOS and macOS) that could be exploited to freeze or crash your iPhone, Mac or iPad.

“chaiOS is a malicious iOS bug that can cause the target device to freeze, respring, drain the battery, and possibly kernel panic. It is developed by the eminent jailbreak developer, Abraham Masri.”

Exploiting this flaw is very easy: all that is required is for a phone to be sent a text message that includes a link to a web page hosting JavaScript code. The iMessage app fails to handle the code correctly, which triggers a crash of the app. In some situations, the iMessage app has been seen to enter an endless reboot loop.

The attacker does not need to install anything to make this flaw work; he can crash someone’s phone by simply sending the link to the target device.

If you have received a copy of the bug and it’s currently stopping you from using Messages on your iPhone, you can try these fixes:

Block the domain that hosts the bug. From Safari settings, then General > Restrictions > Enable Restrictions > Websites > Limit Adult Content > Never Allow > (add the domain here).

Remove the thread the link was sent in.

Reset your iPhone to factory settings. Don’t do this step unless you’ve backed up all of your data.

Wait for Apple's patch.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
