Forum Thread

Pretty Serious Unicode of Death Bug - crashes iPhones, Safari on OSX, and current tab in Chrome on OSX

dzap 50,347 10,948 September 1, 2013 at 09:25 AM
Text of bug can be found here: Will crash your browser if you are on OSX or iOS (Safari; current tab in Chrome)
https://zhovner.com/tmp/killwebkit.html


If you are on OSX, use Firefox to display it, as Firefox uses it's own font rendering engine.


For anyone that can actually read Arabic, you'll know that is basically gibberish.

However, this string of text...if sent to ANY (I mean ANY) of the millions of iPhones in the world, it will crash the Text Messaging app and will be at the mercy of the sender to have the Text Messaging app restored, or you will have to restore the iPhone.

If this text is shown on Safari on OSX, it will crash Safari.

If this text is shown in Chrome on OSX, it will crash the Chrome tab.

If this text is shown in Opera on OSX, it will crash the tab in Opera.

Facebook has already blocked the text.

Firefox, however uses it's own text rendering on OSX, and will display it fine (the only way I'm able to type up this post.).

Basically any browser that uses the iOS/OSX Web Rendering Engine.

If this is sent via iMessage or Messages it will crash the Messaging app in an endless loop. I have pissed someone off doing this without prior notice.

I have not tested it, but sending it via email will also crash in an endless loop for iOS, and the results are the same for Safari on iOS (browser will crash).

The bug occurs in the current version of OSX (10.8) Mountain Lion and iOS6.

The bug is fixed on iOS7 devices and in Mavericks (10.9) for OSX.

But for right now, this bug will affect basically 90% of the world with iPhones and Macs. To me, this is an extremely dangerous bug, and I recommend if any of you in IT have a way to block this, it will make your week a lot easier to deal with, as Apple pushes users to iOS 7. Apple has not as of now, issued a patch for this.

EDIT: Because the way SD displays text, this is not a good example (it will not crash, it will for me when I go to edit the post, but not when it is displayed on SD. If you are on OSX in Safari or on iOS or Chrome, you can test this bug by going here..
https://zhovner.com/tmp/killwebkit.html

5 Comments

1

Sign up for a Slickdeals account to remove this ad.

Joined Sep 2009
Master Jedi
6,879 Posts
2,119 Reputation
Pro
#2
Dbag move to actually have the text posted--crashes Safari on iOS.

For anyone that is jailbroken and wants to protect yourself from this vulnerability:

http://modmyi.com/content/12022-g...gines.html
Reply Helpful Comment? 0 0
If you refer to your husband/wife as 'DH/DW', you're too old to be active on a forum.

If you ask for marriage advice on a(ny) forum, you should seriously reevaluate your life.

If you don't know the difference between 'their', 'there', and 'they're', I automatically assume you have a mental disability (same goes for to/two/too and your/you're/yore).
Joined Jul 2006
CDI gave me free netflix!
50,347 Posts
10,948 Reputation
Original Poster
#3
Quote from prozac4312 View Post :
Dbag move to actually have the text posted--crashes Safari on iOS.

For anyone that is jailbroken and wants to protect yourself from this vulnerability:

http://modmyi.com/content/12022-glyphpatch-fixes-vulnerability-ios-character-rendering-engines.html
I thought it was how SD rendered fonts or something as I am on Chrome and Safari on OSX and it did not crash unless I went into my post and edited it.


It's a pretty nasty bug that has been around since February and is only coming to light again now for some reason.


Best to post it wherever so Apple can fix this and patch it.


Like I said, I pissed someone off sending it in plain text to someone's iPhone. It did way more than intended and actually had it respring several times.


This could be used for something malicious possibly later down the line, so it's best to be exposed to it now as Apple pushes iOS7 over the coming week.
Reply Helpful Comment? 0 0
Joined Sep 2009
Master Jedi
6,879 Posts
2,119 Reputation
Pro
#4
It's already fixed in iOS 7.
Reply Helpful Comment? 0 0
Joined Jul 2006
CDI gave me free netflix!
50,347 Posts
10,948 Reputation
Original Poster
#5
Quote from prozac4312 View Post :
It's already fixed in iOS 7.
Yes I know. I already mentioned that in OP.
Reply Helpful Comment? 0 0
Joined Jul 2006
CDI gave me free netflix!
50,347 Posts
10,948 Reputation
Original Poster
#6
Bump OSX 10.8.5 update released today fixes this bug.

If anyone still wants to unleash hell on iPhone users, you have about a week left before iOS7 is launched worldwide.
Reply Helpful Comment? 0 0
Page 1 of 1
1
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard