“A memory corruption issue was addressed through improved input validation” – it is the description of the vulnerability disclosed last week for the Apple devices.
The bug affects every iPhone, iPad, iPod, Mac, Apple TV or Apple Watch running their latest software versions.
The glitch could be really damaging: anyone can shut down your device just texting you. The error that causes the crash occurs when a specific Indian character in the Telugu language (language spoken by 5% of the entire Indian population: about 70 million people) is received by the device or when it is typed into a text editor.
It interests many apps that can display strings, including the major IM apps as WhatsApp, FB Messenger, iMessage, etc. (Telegram and Skype seem to be unaffected).
Apps which receive the bad character crash and their services remain unavailable (because the app is trying and failing to load the string), until someone deletes the message.
To solve the issue it’s recommended to log in the service with a device using another OS (for example using WhatsApp web), in order to delete the message and then reinstall the app on the iOS device.
If the user is not using his device when he receives the message, the bug causes more trouble: when the iOS attempts to show the Indian character in a screen notification, the entire Springboard crashes and the device can go into a bootloop endlessly restarting without booting up.
The glitch is addressed to CVE-2018-4124, a vulnerability (at the time of writing marked as **RESERVED**) particularly easy to exploit. It is a cybersecurity vulnerability because it could be used to carry out a Denial-of-Service attack. The attacker could send emails containing the bad Indian character to many users, so he’s able to shut down many devices simultaneously creating a Denial-of-Service.
The news about Indian character bug spread all over the world. It’s not the first time for Apple to deal with this type of issues (for example Effective Power in 2015 or chaiOS in January 2018).
Fortunately, the company releases on February 19th an update for several software versions. It fixes the Indian character bug for every Apple devices. Update your devices as soon as possible, so you could text with your Indian friends without any crashes.
Here the latest releases: