Apple iPhone users escape bug that would have forced them to factory reset their phone
Apple iPhone users didn't know it until a fix was disseminated, but a bug could have forced them to perform a factory reset had they received a particular malformed message. This was revealed by Google Project Zero (via Apple Insider), the company's security team that discovers bugs and vulnerabilities. The reason that no one heard about the bug until now is that under Project Zero, a bug is not disclosed until 90 days has expired, or a fix has been sent. In this case, Apple sent out a fix for this bug in the iOS 12.3 update. This was pushed out on May 13th and included Apple News+, AirPlay2, and a redesigned TV app.
The problem with the malformed message is that the phone is expecting a key value with a string of code, but doesn't check to make sure it is included. Because the code is not included, on the iPhone the message loads, crashes and reloads. This cycle repeats until the phone stops displaying the user interface and doesn't recognize inputs. A hard reset doesn't fix things and the phone is rendered unusable once it is unlocked. One user found that there are three ways to unbrick an affected iPhone:
- Wipe the device with 'Find my iPhone.'
- Put the device in recovery mode and update via iTunes (note that this will force an update to the latest version).
- Remove the SIM card and go out of Wifi range and wipe the device in the menu.
Last year, a similar issue occurred when users received an iMessage containing a black dot and tapped on it. The black dot contained thousands of strings of Unicode that bogged down the iPhone's processor causing the phone to crash. The black dot also affected Android users who received the same message on WhatsApp. Also last year, Apple had to send out an iOS update to fix a bug that caused iPhones around the world to reboot. This would occur when an iPhone user received a message containing a character from the Indian Telugu language sent over iMessage or placed in a text field.
In 2015, the "Effective Power bug" caused iPhones to crash when a specific iMessage was received. When rebooted, the Messages app would fail to work. The malicious part of the iMessage was a string of Arabic characters that could not be separated correctly in iOS. When an incoming message notification was received, the Arabic characters were too long to fit in the notification thus causing the handset to crash.
Always make sure that your iPhone is running the latest version of iOS
"...on an iPhone, this code is in Springboard. Receiving this message will case Springboard to crash and respawn repeatedly, causing the UI not to be displayed and the phone to stop responding to input. This condition survives a hard reset and causes the phone to be unusable as soon as it is unlocked. The only way I could find to fix the phone is to reboot into recovery mode and do a restore. This causes the data on the device to be lost though."-post on Google Project Zero website
A bug that could have forced Apple iPhone users to perform a factory reset on their device has been exterminated by iOS 12.3
Things that are NOT allowed: