|
||||||||
Apple Bug Alert |
![]() |
|
|
Thread Tools | Search this Thread |
|
|
#26 |
|
Inactive Member
Join Date: Jan 2003
Posts: 43,524
|
Quote:
It's not a hoax. The string was posted on this very thread, but thankfully it's now been removed.
it had spaces so as to not work. the only danger is people knowing about it. and it is linked in the OP. |
|
|
|
|
Please sign in or register to remove this advertisement.
|
|
|
#27 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Quote:
Maybe best if you people don't start speculating.
|
|
|
|
|
|
#28 |
|
Forum Member
Join Date: Feb 2005
Posts: 6,762
|
Quote:
^^^ No I don't think it is fun, to try to crash other peoples devices. Suppose you think hackers are great and modern day "Robbin Hoods" until they hack your "Play account"
(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised) It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app. The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text. As it stands, it's about on a par with telling someone that pressing Atl+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ... |
|
|
|
|
|
#29 |
|
Forum Member
Join Date: Apr 2005
Posts: 13,091
|
Quote:
I'm not sure why you are thankful it has been removed.
it had spaces so as to not work. the only danger is people knowing about it. and it is linked in the OP. |
|
|
|
|
|
#30 |
|
Forum Member
Join Date: Apr 2005
Posts: 13,091
|
Quote:
Wow. Sense of humour bypass much!
(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised) It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app. The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text. As it stands, it's about on a par with telling someone that pressing Atl+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ... |
|
|
|
|
|
#31 |
|
Forum Member
Join Date: Feb 2013
Location: South Wales
Posts: 5,866
|
Quote:
Wow. Sense of humour bypass much!
(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised) It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app. The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text. As it stands, it's about on a par with telling someone that pressing Atl+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ... |
|
|
|
|
|
#32 |
|
Forum Member
Join Date: Feb 2005
Posts: 6,762
|
I already tried it on my iPad.
It crashed. lol. Hardly a big deal as long as you don't text it. Apparently a similar bug exists in Windows Phone but it hasn't found it's way into the wild ... |
|
|
|
|
|
#33 |
|
Forum Member
Join Date: Feb 2005
Posts: 6,762
|
Quote:
I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.
|
|
|
|
|
|
#34 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Quote:
I already tried it on my iPad.
It crashed.lol. Yeh, its probably safe, yet I have often heard that common sense is the main weapon to keep us safe from malware.. If only people knew that they could promote their malware as a bug for instant propagation. LOL |
|
|
|
|
|
#35 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
deleted.
|
|
|
|
|
|
#36 |
|
Forum Member
Join Date: Feb 2005
Posts: 6,762
|
It crashes CoreText. Thats all. Besides the recursive messaging crash, thats not really a big deal.
I work in software testing. |
|
|
|
|
|
#37 |
|
Forum Member
Join Date: Apr 2005
Posts: 13,091
|
Quote:
I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.
|
|
|
|
|
|
#38 |
|
Forum Member
Join Date: Jan 2013
Location: West Midlands
Posts: 2,450
|
Lol who actually cares, it dumps you to the home screen, click safari and your back in, no issue really just an annoyance like already said above.
Now hurry up IOS 7 |
|
|
|
|
|
#39 |
|
Forum Member
Join Date: Oct 2004
Location: Potterspury
Posts: 930
|
Seems to be only iOS6, my iPod Touch which is stuck on iOS 5 shows the string fine.
|
|
|
|
|
#40 |
|
Forum Member
Join Date: Nov 2008
Posts: 144
|
Quote:
Yeah, really amusing. You'll say it's just because I'm an iPhone user and therefore don't have a sense of humour. But if this were about Android or Windows Phone or whatever, I wouldn't even think of sending something to another person with the deliberate intention of causing their apps to crash. It's pretty pathetic, in my view.
personally i think that anything that teaches the public that no OS is safe os a good thing. apple/google/ms have to start being more honest. Most punters will only understand the risks if they are"victims". How many mac owners still don't even know they very hacked by flashback? |
|
|
|
|
|
#41 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Apparently Apple knew about this 6+ months ago.
Someone simply chose to shame Apple for being ultra slow in not fixing a major security hole. Many of us know full well that induced crashing is a trick for malware injection. Incredibly here, you could maybe send it by iMessage and include your malware. Well used by Snowden and fellow NSA staff? Who knows. |
|
|
|
|
|
#42 |
|
Forum Member
Join Date: Feb 2005
Posts: 6,762
|
It's only a rendering bug.
I can have the page with the crash string open in a tab that isn't currently visible and it's fine. As soon as I switch to that tab and it tries to render the page, it fails. If it wasn't for the fact that someone has decided to push this in the wild, I doubt it would even have caused anyone any problems. It's a wierd sequence of unicode characters that are (as far as I can gather) meaningless in that they don't form any meaningful text in any language. So sending someone the text on it's own is not a big deal (unless in a way that allows it to be recursive). It certainly won't "corrupt your system". (If anything, the fact that it exists implies that your system is already corrupt!) As mentioned above though, using it as a front for something worse is where the problem really lies. |
|
|
|
|
|
#43 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Quote:
.... (If anything, the fact that it exists implies that your system is already corrupt!)..
I know from experience that coders can also leave stuff like this in for test purposes. And when beta code with debris suddenly goes live without your knowledge, some choose to simply just keep their heads down. ![]() I went with it being courtesy of Israel coders due to the Unicode being Arabic. |
|
|
|
|
|
#44 |
|
Forum Member
Join Date: May 2010
Posts: 11,493
|
Quote:
Apparently Apple knew about this 6+ months ago.
Someone simply chose to shame Apple for being ultra slow in not fixing a major security hole. Many of us know full well that induced crashing is a trick for malware injection. Incredibly here, you could maybe send it by iMessage and include your malware. Well used by Snowden and fellow NSA staff? Who knows. |
|
|
|
|
|
#45 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
I thought all security flaws were bugs.
So what determined that this flaw highlighted firstly in Russia would break into national news as a fun bug? |
|
|
|
|
|
#46 |
|
Forum Member
Join Date: May 2010
Posts: 11,493
|
Quote:
I thought all security flaws were bugs.
As you referred to it as a security flaw I assumed you may have some evidence that it has been used to breach the phones security. |
|
|
|
|
|
#47 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Quote:
As you referred to it as a security flaw I assumed you may have some evidence that it has been used to breach the phones security.
Its probably stage one only. Charlie Miller used induced crashes to then inject malware(stage 2) and win Pwn2Own cash prizes Considering this has been fixed in IOS 7 it is a fair speculation that criminals/hackers(Russian?) released just the stage 1 but for a revenge laugh. |
|
|
|
|
|
#48 |
|
Forum Member
Join Date: Nov 2008
Posts: 144
|
Quote:
Originally Posted by alanwarwic;6*****49
An induced crash is a breach.
Its probably stage one only. Charlie Miller used induced crashes to then inject malware(stage 2) and win Pwn2Own cash prizes Considering this has been fixed in IOS 7 it is a fair speculation that criminals/hackers(Russian?) released just the stage 1 but for a revenge laugh. |
|
|
|
|
|
#49 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Quote:
why would criminals discover a potential exploit, notify apple and then wait 6 months to publicise it...
Obviously it came up in conversations when found to be finally fixed. Considering it is in OS/X too, this Core Text 'bug' could have been live for a good 7 years now. |
|
|
|
|
|
#50 |
|
Forum Member
Join Date: Apr 2005
Posts: 13,091
|
Quote:
Originally Posted by alanwarwic;6*****49
An induced crash is a breach.
Its probably stage one only. Charlie Miller used induced crashes to then inject malware(stage 2) and win Pwn2Own cash prizes Considering this has been fixed in IOS 7 it is a fair speculation that criminals/hackers(Russian?) released just the stage 1 but for a revenge laugh. |
|
|
|
![]() |
|
All times are GMT. The time now is 17:39.





