Sometimes, we at SCS like to make our posts short and sweet. With chaiOS, we have a great time to do so. The researcher has already removed his exploit on Github. Apple’s actively working on a fix. The best part, it causes no lasting damage. But researchers report bugs like chaiOS regularly. It’s a common class of bug, and worth knowing.
When sent a webpage link in Messages, the app will generate a preview of the webpage for you. Apple normally allows developers to include some special characters into their webpage. That way, you can customize the preview. Normally, most developers only put in a few of these characters. However, the security researcher Abraham Masri discovered that sending hundreds of thousands of characters would cause issues in Messages. Testers have reported battery issues, crashes, and system reboots. Thankfully, restarting the device and deleting the message thread fully fixes the issue. Apple has already started on a fix, and Abraham has taken the bugged webpage off his Github as a result.
Interestingly, this has happened before, with Effective Power in 2015 and an abuse of the HTML5 History API in 2016. Thankfully, these crashes do not pose a security risk. They only make your day a little worse by forcing you to restart your device.
About Secure Compliance Solutions LLC
Secure Compliance Solutions LLC (SCS) provides a wide range of cybersecurity consulting and managed security services to small and medium sized businesses (SMB) and government agencies, fortifying their Information Security and Data Privacy programs. SCS works with its clients to tailor and implement industry-proven frameworks and standards to meet compliance goals and drive consistent security operations. We raise awareness of current security trends and risks to prepare personnel to recognize and defend against potential security issues. We implement technical solutions and controls to minimize data risks and liabilities. Our Managed Security Service provides “constant watch” against both internal and external cyber threats and attacks. At SCS, we promote a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities to keep your business up and running.