• TV
  • MOVIES
  • MUSIC
  • SHOWBIZ
  • SOAPS
  • GAMING
  • TECH
  • FORUMS
  • Follow
    • Follow
    • facebook
    • twitter
    • google+
    • instagram
    • youtube
Hearst Corporation
  • TV
  • MOVIES
  • MUSIC
  • SHOWBIZ
  • SOAPS
  • GAMING
  • TECH
  • FORUMS
Forums
  • Register
  • Login
  • Forums
  • Gadgets
  • Mobile Phones
Apple Bug Alert
<<
<
2 of 7
>>
>
flagpole
30-08-2013
Originally Posted by IslandNiles:
“It's not a hoax. The string was posted on this very thread, but thankfully it's now been removed.”

I'm not sure why you are thankful it has been removed.

it had spaces so as to not work. the only danger is people knowing about it. and it is linked in the OP.
alanwarwic
30-08-2013
Originally Posted by kidspud:
“Maybe best if you people don't start speculating.”

Maybe the Guardian will run a fuller story on it.

sancheeez
30-08-2013
Originally Posted by Philip Wales:
“^^^ No I don't think it is fun, to try to crash other peoples devices. Suppose you think hackers are great and modern day "Robbin Hoods" until they hack your "Play account"”

Wow. Sense of humour bypass much!

(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised)

It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app.

The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text.

As it stands, it's about on a par with telling someone that pressing Atl+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ...
IslandNiles
30-08-2013
Originally Posted by flagpole:
“I'm not sure why you are thankful it has been removed.

it had spaces so as to not work. the only danger is people knowing about it. and it is linked in the OP.”

It did work; it repeatedly crashed Safari on my phone.
IslandNiles
30-08-2013
Originally Posted by sancheeez:
“Wow. Sense of humour bypass much!

(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised)

It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app.

The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text.

As it stands, it's about on a par with telling someone that pressing Atl+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ...”

Yeah, really amusing. You'll say it's just because I'm an iPhone user and therefore don't have a sense of humour. But if this were about Android or Windows Phone or whatever, I wouldn't even think of sending something to another person with the deliberate intention of causing their apps to crash. It's pretty pathetic, in my view.
Philip Wales
30-08-2013
Originally Posted by sancheeez:
“Wow. Sense of humour bypass much!

(Mind you - iPad, iMac, iPhone 4, iPod Touch, Apple TV - so maybe I shouldn't be so surprised)

It's hardly breaking into their iTunes account to try and empty their bank account. As mentioned a post or two below you, all it does is crash the app.

The one which could be bad would be texting it to someone as that would cause a recursive failure in their messaging app. Hence why I just sent someone a link to the page, rather than a text.

As it stands, it's about on a par with telling someone that pressing Atl+F4 (or Apple/Command key + W) will make their browser run better. In fact, you should totally try that. Your browser will thank you for it ...”

I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.
sancheeez
30-08-2013
I already tried it on my iPad.

It crashed.

lol.

Hardly a big deal as long as you don't text it.

Apparently a similar bug exists in Windows Phone but it hasn't found it's way into the wild ...
sancheeez
30-08-2013
Originally Posted by Philip Wales:
“I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.”

Did you Alt+F4 or Command+W yet?
alanwarwic
30-08-2013
Originally Posted by sancheeez:
“I already tried it on my iPad.
It crashed.lol.”

Well I certainly would not choose to test it


Yeh, its probably safe, yet I have often heard that common sense is the main weapon to keep us safe from malware..
If only people knew that they could promote their malware as a bug for instant propagation.

LOL
alanwarwic
30-08-2013
deleted.
sancheeez
30-08-2013
It crashes CoreText. Thats all. Besides the recursive messaging crash, thats not really a big deal.

I work in software testing.
IslandNiles
30-08-2013
Originally Posted by Philip Wales:
“I personally don't care what phone, computer, games console people have or use, I just wouldn't go out of my way to try and crash and possibly corrupt their system.”

Exactly. It's an odd thing to want to do.
Lidtop2013
30-08-2013
Lol who actually cares, it dumps you to the home screen, click safari and your back in, no issue really just an annoyance like already said above.

Now hurry up IOS 7
wilt
30-08-2013
Seems to be only iOS6, my iPod Touch which is stuck on iOS 5 shows the string fine.
hungover
30-08-2013
Originally Posted by IslandNiles:
“Yeah, really amusing. You'll say it's just because I'm an iPhone user and therefore don't have a sense of humour. But if this were about Android or Windows Phone or whatever, I wouldn't even think of sending something to another person with the deliberate intention of causing their apps to crash. It's pretty pathetic, in my view.”

you may have a valid point but i think the wider non apple community find it amusing because Apple, the press and their devotees have bee shovelling the macs don't get viruses/just work BS for years.

personally i think that anything that teaches the public that no OS is safe os a good thing.

apple/google/ms have to start being more honest. Most punters will only understand the risks if they are"victims". How many mac owners still don't even know they very hacked by flashback?
alanwarwic
30-08-2013
Apparently Apple knew about this 6+ months ago.

Someone simply chose to shame Apple for being ultra slow in not fixing a major security hole.
Many of us know full well that induced crashing is a trick for malware injection.

Incredibly here, you could maybe send it by iMessage and include your malware. Well used by Snowden and fellow NSA staff?
Who knows.
sancheeez
30-08-2013
It's only a rendering bug.

I can have the page with the crash string open in a tab that isn't currently visible and it's fine. As soon as I switch to that tab and it tries to render the page, it fails. If it wasn't for the fact that someone has decided to push this in the wild, I doubt it would even have caused anyone any problems. It's a wierd sequence of unicode characters that are (as far as I can gather) meaningless in that they don't form any meaningful text in any language.

So sending someone the text on it's own is not a big deal (unless in a way that allows it to be recursive). It certainly won't "corrupt your system". (If anything, the fact that it exists implies that your system is already corrupt!)

As mentioned above though, using it as a front for something worse is where the problem really lies.
alanwarwic
30-08-2013
Originally Posted by sancheeez:
“.... (If anything, the fact that it exists implies that your system is already corrupt!)..”

We can agree there.

I know from experience that coders can also leave stuff like this in for test purposes.
And when beta code with debris suddenly goes live without your knowledge, some choose to simply just keep their heads down.


I went with it being courtesy of Israel coders due to the Unicode being Arabic.
kidspud
30-08-2013
Originally Posted by alanwarwic:
“Apparently Apple knew about this 6+ months ago.

Someone simply chose to shame Apple for being ultra slow in not fixing a major security hole.
Many of us know full well that induced crashing is a trick for malware injection.

Incredibly here, you could maybe send it by iMessage and include your malware. Well used by Snowden and fellow NSA staff?
Who knows.”

When was this determined to be a security flaw and not just a bug?
alanwarwic
30-08-2013
I thought all security flaws were bugs.

So what determined that this flaw highlighted firstly in Russia would break into national news as a fun bug?
kidspud
30-08-2013
Originally Posted by alanwarwic:
“I thought all security flaws were bugs.
”

That might be true, but not all bugs are security flaws.

As you referred to it as a security flaw I assumed you may have some evidence that it has been used to breach the phones security.
alanwarwic
30-08-2013
Originally Posted by kidspud:
“As you referred to it as a security flaw I assumed you may have some evidence that it has been used to breach the phones security.”

An induced crash is a breach.
Its probably stage one only. Charlie Miller used induced crashes to then inject malware(stage 2) and win Pwn2Own cash prizes

Considering this has been fixed in IOS 7 it is a fair speculation that criminals/hackers(Russian?) released just the stage 1 but for a revenge laugh.
hungover
30-08-2013
Originally Posted by alanwarwic;6*****49:
“An induced crash is a breach.
Its probably stage one only. Charlie Miller used induced crashes to then inject malware(stage 2) and win Pwn2Own cash prizes

Considering this has been fixed in IOS 7 it is a fair speculation that criminals/hackers(Russian?) released just the stage 1 but for a revenge laugh.”

why would criminals discover a potential exploit, notify apple and then wait 6 months to publicise it. Might it not be the case that they were annoyed that apple didn't patch it. Alternatively they may be grandstanding in the belief that it will be dealt with before any harm can be done.
alanwarwic
30-08-2013
Originally Posted by hungover:
“why would criminals discover a potential exploit, notify apple and then wait 6 months to publicise it...”

We don't know how many found it or made use of it.

Obviously it came up in conversations when found to be finally fixed.
Considering it is in OS/X too, this Core Text 'bug' could have been live for a good 7 years now.
IslandNiles
30-08-2013
Originally Posted by alanwarwic;6*****49:
“An induced crash is a breach.
Its probably stage one only. Charlie Miller used induced crashes to then inject malware(stage 2) and win Pwn2Own cash prizes

Considering this has been fixed in IOS 7 it is a fair speculation that criminals/hackers(Russian?) released just the stage 1 but for a revenge laugh.”

This is a joke, surely. You sound like a conspiracy theorist.
<<
<
2 of 7
>>
>
VIEW DESKTOP SITE TOP

JOIN US HERE

  • Facebook
  • Twitter

Hearst Corporation

Hearst Corporation

DIGITAL SPY, PART OF THE HEARST UK ENTERTAINMENT NETWORK

© 2015 Hearst Magazines UK is the trading name of the National Magazine Company Ltd, 72 Broadwick Street, London, W1F 9EP. Registered in England 112955. All rights reserved.

  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Complaints
  • Site Map