A newly discovered vulnerability in Apple’s iMessage lets ill-meaning people to completely freeze the app on and even restarts the iDevices by simply sending a link. The bug named chaiOS was taken down from the platform and the account was shortly suspended, so at least finding it wouldn’t be too easy.
👋 Effective Power is back, baby!
Text the link below, it will freeze the recipient’s device, and possibly restart it. https://t.co/Ln93XN51Kq
⚠️ Do not use it for bad stuff.
thanks to @aaronp613 @garnerlogan65 @lepidusdev @brensalsa for testing!
Abraham Masri (@cheesecakeufo) January 16, 2018
According to Masri, the link was stuffed with thousand of metacharacters that iMessage could not read properly. When the URL is sent to someone, the app generates a preview, which makes the app freeze and renders the device unusable for several minutes. And since the preview is automatically generated you don’t even need to click the link, which makes the vulnerability all the more annoying.
The bug is present on devices with iOS 10.0 through 11.2.5 beta 5 and some macOS computers. Latest beta 6 fixes patches the issue, so we are waiting for a stable release.