A software developer has uncovered a new bug in iOS that can freeze and crash an iPhone whenever it receives a specially crafted web link.
The bug involves the Messages app, which conveniently loads a preview of any web link it receives. However, developer Abraham Masri found that he could exploit this previewing function to essentially overload the app.
He did so by creating a special webpage that loads with "hundreds of thousands of characters" inside its internal code, Masri told BuzzFeed. The sheer amount of characters will not only overwhelm the Messages app when it tries to preload them, but force the whole phone to stall.
Masri tweeted about the bug on Tuesday. But to prove his point, he also posted a link to his special webpage, letting anyone test it out.
"Text the link below, it will freeze the recipient's device, and possibly restart it," he tweeted on Wednesday. "Do not use it for bad stuff."
The demo didn't sit well with everyone. GitHub, which hosted the special webpage, took it down.
The good news is that restarting the device will usually clear the problem, but the Messages app may refuse to open. (Visiting this link from a French developer over the iPhone, and then deleting the tainted message, can supposedly solve the problem. A video demonstrating the fix can be found here.) Unfortunately, iPhones hit with attack may lose their saved text messages, so it's probably not a good idea to test out the bug for amusement's sake.
The flaw affects iOS versions 10.0 to 11.2.5 beta 5. On Thursday, Apple said a fix is coming in a software update next week. In the meantime, Masri is declining to re-upload his specially crafted webpage, however copies of it still exist.
It isn't first the bug to hit Apple's Messages app. In 2015, it was found that a specific string of symbols and Arabic characters sent to an iPhone can also crash the device.