Malicious Link Texted to Mac And iOS Devices Can Freeze The Device

It may look like an innocent link to a web page, but a malicious link that is circulating is causing Apple devices to crash. The link is being described as a ‘text bomb’, and exploits a bug in iOS and Mac devices. If opened, the link causes devices to freeze or crash.

The link, which goes to a Github page, breaks the Messages app and causes problems on both iOS devices and Macs. Simply receiving the link results in issues, likely due to the Messages feature that lets you preview web links.  Software developer, Abraham Masri, found the bug, called “chaiOS,” and posted it on GitHub Tuesday afternoon. Github has removed the repository as of now.

He tested chaiOS on an iPhone X and iPhone 5S and said the bug affects iOS versions 10.0 through 11.2.5 beta 5. He has not tested the vulnerability on the latest beta, iOS 11.2.5 beta 6, which was released this morning. The bug can also affect Mac computers, according to Masri.

Malicious Link Texted to Mac And iOS Devices Can Freeze The Device© Twitter

It’s obviously best not to send the link to friends because it can cause the sending device to freeze up and crash as well. If your device is affected, quit the Messages app on Mac or iOS, open it back up, and immediately delete the entire message thread.

On Mac, you’ll need to swipe right on the trackpad or right click on to the person’s name to delete the conversation, while on iOS, you’ll need to swipe to the right on a person’s name to bring up the delete option.

A link that exploits a bug in iOS and Mac devices was shared on Twitter this afternoon, and if you receive this link through the Messages app, your iPhone or iPad can freeze up or respring, and the Messages app may become unusable.

Readers with long memories will recall that Apple users have been played with by text bomb vulnerabilities like this in the past.

For instance, in 2013 it was found that Macs and iPhones could be crashed by a simple string of Arabic characters, and in 2015 an attack dubbed “Effective Power” saw a sequence of characters allow mischief-makers to remotely reboot iPhones.