This ‘chaiOS’ text bomb can freeze or lock your iOS and macOS devices
A software developer has discovered a security vulnerability in Apple’s operating systems (iOS and macOS) that is capable of freezing or crashing your iPhone, Mac or iPad.
Chicago-based software developer Abraham Masri, who originally discovered the bug and posted his findings to GitHub on Tuesday afternoon, warned people not to “use it for bad stuff”. However, the link started being shared quickly on social media.
The malicious link dubbed as “chaiOS” text bomb is sent through Apple’s Message app, which once clicked on redirects the Messages app to a page stored on GitHub, a hosting service for computer code, and then tries to open a huge list of text, which ultimately overloads iOS or macOS and crashes the iPhone, Mac or iPad. It makes the Message app unusable and also deletes all the messages on the device.
The users are reporting effects such as freezing, crashes, restarts and resprings, a process which takes about 10 seconds and returns you to the Lock Screen.
Masri told BuzzFeed News that he discovered the bug while “fuzzing with the operating system.” In other words, he was trying to enter random characters into its internal code of the operating system so that he could break it.
? Effective Power is back, baby!
Text the link below, it will freeze the recipient's device, and possibly restart it. https://t.co/Ln93XN51Kq
— Abraham Masri (@cheesecakeufo) January 16, 2018
According to BuzzFeed News, Twitter user @aaronp613, who tested the bug, said that after the link is sent, “The device will freeze for a few minutes. Then, most of the time, it resprings.” After that, the Messages app won’t load any messages and will continue to crash. He tested chaiOS on an iPhone X and iPhone 5S, and said the bug affects iOS versions 10.0 through 11.2.5 beta 5.
Masri said he published the bug to alert Apple: “My intention is not to do bad things. My main purpose was to reach out to Apple and say, ‘Hey, you’ve been ignoring my bug reports.’ I always report the bug before releasing something.”
To this, award-winning computer security expert Graham Cluley wrote on his blog: “Something about the so-called ChaiOS bug’s code gives your Apple device a brainstorm.
“Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash.
“Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.
“Please don’t be tempted to try the text bomb attack out on anyone else – you’re not being funny, you’re just being a jerk.”
Currently, the only solution appears is to quit the Messages app on iOS or Mac, open it back up, and immediately delete the entire message thread to restore full functionality.
Since, Apple has not commented on the problem, it is unclear if they are working on a fix. We will update this article if we get more information. Meanwhile, keep an eye on the upcoming software update released by Apple that patches the bug.