chaiOS Bug can crash iMessage App on any iPhone and macOS with a simple link

The software developer Abraham Masri has discovered a new bug, dubbed ‘chaiOS’ that could be exploited to crash a target’s iMessage application.

The researcher and software developer Abraham Masri has discovered a new bug, dubbed ‘chaiOS  Text Bomb’ that could be exploited to crash recipient’s iMessage application in a continuous loop.

The flaw exploited by the ‘chaiOS  Text Bomb’ affects both iOS and macOS, according to researchers at Yalu Jailbreak, the bug is currently compatible up till iOS 11.1.2 firmware, this means that it affects iMessage apps on macOS High Sierra, iOS 10 to 10.3.3, and iOS 11 to 11.2.1.

The exploitation of the issue is very simple, an attacker just needs to send a link to a web page hosting a JavaScript code that attempts to send an SMS message. The iMessage application fails to properly handle the code triggering the crash of the app. In some cases, it has been observed that the iMessage app enters a continuous reboot loop.

A proof-of-concept page has been put together by Masri and shared on Twitter yesterday, but the page has been removed from GitHub due to potential abuses, anyway, a new mirror has been already added.

“chaiOS is a malicious iOS bug that can cause the target device to freeze, respring, drain the battery, and possibly kernel panic. It is developed by the eminent jailbreak developer, Abraham Masri.

Here are the known after-effects once someone opens the malicious link.

• The stock Messages app goes completely blank.
• Messages app crashes instantly after opening.
• Slowdown the target device.

It weighs around 7MB and loads some the exploit into user’s browser window and then crashes it.” states  Yalu Jailbreak.

Below is a video PoC of the exploitation of the bug:

Researchers observed that the chaiOS Text Bomb can also affect Windows systems, it can also crash Chrome and Firefox web browsers.

The download link to the chaiOS is reported on the following page, but please don’t use it.

https://yalujailbreak.net/chaios/

Below instructions to trigger the bug:

• Open the Messages app.
• Select the recipient whose device you want to crash.
• Send them the aforementioned link. Be sure to include a “/” at the end.
• You are done with this now. Just wait for them to open the link in Safari.