Abraham Masri (security researcher and software developer) has found a security issue called “chaiOS Text Bomb” in Apple’s operating systems (iOS and macOS) that could be exploited to freeze or crash your iPhone, Mac or iPad.
“chaiOS is a malicious iOS bug that can cause the target device to freeze, respring, drain the battery, and possibly kernel panic. It is developed by the eminent jailbreak developer, Abraham Masri.”
The exploitation of this flaw is very easy, all that is required for a phone to be sent a text message that includes a link to a web page hosting a JavaScript code. The iMessage app fails to correctly handle the code triggering the crash of the app. In some situations, it has been noted that the iMessage app enters an endless reboot loop.
The attacker doesn’t require to install anything to make this flaw work, he can crash someone’s phone by simply sending the link to the target device.
If you have received a copy of the bug and it’s currently stopping you from using Messages on your iPhone, you can try these fixes:
– Block the domain that hosts the bug. From Safari settings, then General > Restrictions > Enable Restrictions > Websites > Limit Adult Content > Never Allow > (add the domain here).
– Remove the thread the link was sent in.
– Reset your iPhone to factory settings. Don’t do this step unless you’ve backed up all of your data.
– Wait for Apple patch.
