A bug affecting the Messages app allows a string of characters sent to a person via iMessage or SMS to crash an iPhone and cause the Messages app to crash

A bug in the Apple iOS can cause the Messages app crash and iPhones automatically reboot when they receive a specific crafted text message. The bug could be exploited only when the message is sent from an iPhone to another iPhone, it seems it does not affect iPads, iPods or Mac computers.

When the user receives the message, he is not able to reopen the Messages app without reboot the mobile device. The only way to stop the problem is to get the sender of the malicious text message to send another message or wait for someone else to send a new one.

The news is circulating on many forums and social media specialized in Apple mobile devices, but Apple hasn’t provided information of the problem. Some of the users participating in the discussions are also sharing the particular text string, written partly in Arabic, that can be sued to crash iPhone.

Below an image published on Appleinsider.com

The popular website Macrumors has published a few suggestions to solve the issue, including the possibility to send a message to myself.

“If you receive one of these messages, there are a few possible fixes that have worked for us and for other people who have encountered the bug. If the Messages app was opened to the conversation with the person who sent the offending message, the Messages app can be reopened to this conversation. Sending a reply message fixes the problem. 
If Messages was opened to the conversation list view, the app will crash when you attempt to open it. You can fix this by having someone send you a message or by sending a message to yourself. There are several options for sending a message to yourself, including sending yourself a message via Siri or through the Share sheet in any app.
To send yourself a message in Siri, tell Siri to “Send a message to myself.” Siri will open up a dialogue where you can give her a quick message like “Fix” that’ll be sent to your iPhone to clear away the malicious message.  Alternatively, you can open an app like Notes, craft a quick note, and use the Share option (the little document with an arrow) to message it to yourself. Sending yourself something though the share sheet of an app opens a new messages window where you can enter your own contact information.” suggests Macrumors.

Similar problems already occurred in the past, in 2013 a similar flaw was affecting both iOS 6 and Mac OS X 10.8.

Anyone without particular knowledge can exploit the flaw just by sending the text string, they just need to have the victim’s phone number.

“While the bug does not cause any long-term damage to the receiver’s smartphone or give anyone access to details stored on the phone, it is nonetheless a rather pernicious flaw.” reported the International Business Times.

Let’s wait Apple for a comment on this issue.

Pierluigi Paganini

(Security Affairs – Apple iOS, Messages app)