Apple Bug Alert


Old 30-08-2013, 11:49
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
It's not a hoax. The string was posted on this very thread, but thankfully it's now been removed.
I'm not sure why you are thankful it has been removed.

it had spaces so as to not work. the only danger is people knowing about it. and it is linked in the OP.
Old 30-08-2013, 11:58
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
Maybe best if you people don't start speculating.
Maybe the Guardian will run a fuller story on it.

Old 30-08-2013, 12:07
sancheeez
Forum Member
 
Join Date: Feb 2005
Posts: 6,762
^^^ No I don't think it is fun, to try to crash other people's devices. Suppose you think hackers are great and modern day "Robin Hoods" until they hack your "Play account"
Wow. Sense of humour bypass much!

(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised)

It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app.

The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text.

As it stands, it's about on a par with telling someone that pressing Alt+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ...
Old 30-08-2013, 12:18
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 13,091
I'm not sure why you are thankful it has been removed.

it had spaces so as to not work. the only danger is people knowing about it. and it is linked in the OP.
It did work; it repeatedly crashed Safari on my phone.
Old 30-08-2013, 12:22
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 13,091
Wow. Sense of humour bypass much!

(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised)

It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app.

The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text.

As it stands, it's about on a par with telling someone that pressing Alt+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ...
Yeah, really amusing. You'll say it's just because I'm an iPhone user and therefore don't have a sense of humour. But if this were about Android or Windows Phone or whatever, I wouldn't even think of sending something to another person with the deliberate intention of causing their apps to crash. It's pretty pathetic, in my view.
Old 30-08-2013, 12:27
Philip Wales
Forum Member
 
Join Date: Feb 2013
Location: South Wales
Posts: 5,866
Wow. Sense of humour bypass much!

(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised)

It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app.

The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text.

As it stands, it's about on a par with telling someone that pressing Alt+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ...
I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.
Old 30-08-2013, 12:27
sancheeez
Forum Member
 
Join Date: Feb 2005
Posts: 6,762
I already tried it on my iPad.

It crashed.

lol.

Hardly a big deal as long as you don't text it.

Apparently a similar bug exists in Windows Phone but it hasn't found its way into the wild ...
Old 30-08-2013, 12:28
sancheeez
Forum Member
 
Join Date: Feb 2005
Posts: 6,762
I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.
Did you Alt+F4 or Command+W yet?
Old 30-08-2013, 12:33
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
I already tried it on my iPad.
It crashed. lol.
Well I certainly would not choose to test it


Yeh, it's probably safe, yet I have often heard that common sense is the main weapon to keep us safe from malware.
If only people knew that they could promote their malware as a bug for instant propagation.

LOL
Old 30-08-2013, 12:37
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
deleted.
Old 30-08-2013, 12:40
sancheeez
Forum Member
 
Join Date: Feb 2005
Posts: 6,762
It crashes CoreText. That's all. Besides the recursive messaging crash, that's not really a big deal.

I work in software testing.
Old 30-08-2013, 12:50
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 13,091
I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.
Exactly. It's an odd thing to want to do.
Old 30-08-2013, 12:54
Lidtop2013
Forum Member
 
Join Date: Jan 2013
Location: West Midlands
Posts: 2,450
Lol who actually cares, it dumps you to the home screen, click Safari and you're back in, no issue really just an annoyance like already said above.

Now hurry up iOS 7
Old 30-08-2013, 13:03
wilt
Forum Member
 
Join Date: Oct 2004
Location: Potterspury
Posts: 930
Seems to be only iOS6, my iPod Touch which is stuck on iOS 5 shows the string fine.
Old 30-08-2013, 13:04
hungover
Forum Member
 
Join Date: Nov 2008
Posts: 144
Yeah, really amusing. You'll say it's just because I'm an iPhone user and therefore don't have a sense of humour. But if this were about Android or Windows Phone or whatever, I wouldn't even think of sending something to another person with the deliberate intention of causing their apps to crash. It's pretty pathetic, in my view.
you may have a valid point but i think the wider non apple community find it amusing because Apple, the press and their devotees have been shovelling the macs don't get viruses/just work BS for years.

personally i think that anything that teaches the public that no OS is safe is a good thing.

apple/google/ms have to start being more honest. Most punters will only understand the risks if they are "victims". How many mac owners still don't even know they were hacked by flashback?
Old 30-08-2013, 13:10
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
Apparently Apple knew about this 6+ months ago.

Someone simply chose to shame Apple for being ultra slow in not fixing a major security hole.
Many of us know full well that induced crashing is a trick for malware injection.

Incredibly here, you could maybe send it by iMessage and include your malware. Well used by Snowden and fellow NSA staff?
Who knows.
Old 30-08-2013, 13:39
sancheeez
Forum Member
 
Join Date: Feb 2005
Posts: 6,762
It's only a rendering bug.

I can have the page with the crash string open in a tab that isn't currently visible and it's fine. As soon as I switch to that tab and it tries to render the page, it fails. If it wasn't for the fact that someone has decided to push this in the wild, I doubt it would even have caused anyone any problems. It's a weird sequence of Unicode characters that are (as far as I can gather) meaningless in that they don't form any meaningful text in any language.

So sending someone the text on its own is not a big deal (unless in a way that allows it to be recursive). It certainly won't "corrupt your system". (If anything, the fact that it exists implies that your system is already corrupt!)

As mentioned above though, using it as a front for something worse is where the problem really lies.
Old 30-08-2013, 14:00
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
.... (If anything, the fact that it exists implies that your system is already corrupt!)..
We can agree there.

I know from experience that coders can also leave stuff like this in for test purposes.
And when beta code with debris suddenly goes live without your knowledge, some choose to simply just keep their heads down.


I went with it being courtesy of Israel coders due to the Unicode being Arabic.
Old 30-08-2013, 14:14
kidspud
Forum Member
 
Join Date: May 2010
Posts: 11,493
Apparently Apple knew about this 6+ months ago.

Someone simply chose to shame Apple for being ultra slow in not fixing a major security hole.
Many of us know full well that induced crashing is a trick for malware injection.

Incredibly here, you could maybe send it by iMessage and include your malware. Well used by Snowden and fellow NSA staff?
Who knows.
When was this determined to be a security flaw and not just a bug?
Old 30-08-2013, 14:16
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
I thought all security flaws were bugs.

So what determined that this flaw highlighted firstly in Russia would break into national news as a fun bug?
Old 30-08-2013, 14:20
kidspud
Forum Member
 
Join Date: May 2010
Posts: 11,493
I thought all security flaws were bugs.
That might be true, but not all bugs are security flaws.

As you referred to it as a security flaw I assumed you may have some evidence that it has been used to breach the phone's security.
Old 30-08-2013, 14:54
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
As you referred to it as a security flaw I assumed you may have some evidence that it has been used to breach the phone's security.
An induced crash is a breach.
It's probably stage one only. Charlie Miller used induced crashes to then inject malware (stage 2) and win Pwn2Own cash prizes

Considering this has been fixed in iOS 7 it is a fair speculation that criminals/hackers (Russian?) released just the stage 1 but for a revenge laugh.
Old 30-08-2013, 15:12
hungover
Forum Member
 
Join Date: Nov 2008
Posts: 144
Originally Posted by alanwarwic;6*****49
An induced crash is a breach.
It's probably stage one only. Charlie Miller used induced crashes to then inject malware (stage 2) and win Pwn2Own cash prizes

Considering this has been fixed in iOS 7 it is a fair speculation that criminals/hackers (Russian?) released just the stage 1 but for a revenge laugh.
why would criminals discover a potential exploit, notify apple and then wait 6 months to publicise it? Might it not be the case that they were annoyed that apple didn't patch it? Alternatively they may be grandstanding in the belief that it will be dealt with before any harm can be done.
Old 30-08-2013, 15:35
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
why would criminals discover a potential exploit, notify apple and then wait 6 months to publicise it...
We don't know how many found it or made use of it.

Obviously it came up in conversations when found to be finally fixed.
Considering it is in OS/X too, this Core Text 'bug' could have been live for a good 7 years now.
Old 30-08-2013, 15:58
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 13,091
Originally Posted by alanwarwic;6*****49
An induced crash is a breach.
It's probably stage one only. Charlie Miller used induced crashes to then inject malware (stage 2) and win Pwn2Own cash prizes

Considering this has been fixed in iOS 7 it is a fair speculation that criminals/hackers (Russian?) released just the stage 1 but for a revenge laugh.
This is a joke, surely. You sound like a conspiracy theorist.
 
All times are GMT.