Building a slide deck, pitch, or presentation? Here are the big takeaways:
- A newly discovered text-related bug in iOS can crash the operating system with little more than an HTML link.
- This is the third such bug to hit iOS in the past few years, raising concerns that Apple is simply treating symptoms in iOS and not solving problems. –TechRepublic
It turns out just a simple chunk of HTML code, when sent as a link in a text message, has the power to leave iOS gasping for air. Masri says the bug, which he calls ChaiOS, “causes device to freeze, respring, drains battery, and/or sometimes panic.” The recipient doesn’t even need to open the link–simply receiving it is enough.
These particular bugs are simple and irritating, not something that’s going to compromise your device or endanger your personal information. A continued pattern, however, is cause for concern.
Continuing a trend
Masri has since taken the code for ChaiOS down, and he has no plans to republish it. “I made my point,” Masri said. “Apple needs to take such bugs more seriously.”
ChaiOS is just another in a string of similar iOS bugs, making it seem that Apple may be failing to do so. While the company has responded with patches that fix its OS flaws, the fact that similar issues continue to be discovered suggests the company is slapping band aids on problems rather than investigating underlying causes that need to be fixed.
Forrester security and risk analyst Jeff Pollard said that while iOS bugs happen less often and generally with less severity than Android ones, the repetitive nature of bugs like ChaiOS should, and does, raise questions.
Harmless as it may be, ChaiOS reflects poorly on Apple and the stability and security of iOS. It would be one thing if this were the first device-crashing text bomb encountered on an iOS device, but it isn’t.
There’s a problem somewhere in iOS that isn’t being fixed, and I hope patches for more serious things like Meltdown and Spectre are treating the disease rather than the symptom.
“If Apple continues to stress that privacy and security are important to them – and I hope they do – then discovering vulnerabilities like this one as early as possible and responding to them is a must,” Pollard said.
And there needs to be more than just a “patch-and-forget” response. If consumers and businesses are going to continue to have faith in Apple, and Google, they need to be sure that repetitive problems aren’t symptoms of a deeper disease in their mobile OSes.
We’re lucky that ChaiOS isn’t a serious security flaw. It’s just an annoyance this time … right?
- 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)
- Has your iPhone started randomly crashing today? Here’s why and how to fix it (ZDNet)
- iOS security alert: Your device is transmitting Exchange credentials without any encryption (TechRepublic)
- Just one day after its release, iOS 11.1 hacked by security researchers (ZDNet)
- iCloud Keychain encryption bug exposes iOS passwords, credit card numbers (TechRepublic)