/Text rendering vulnerability on iOS and OSX crashes apps
AppleAugust 30, 2013

Text rendering vulnerability on iOS and OSX crashes apps

A seemingly innocuous text-rendering bug is causing problems for OSX and iOS users.  Web browsers and other apps running on current versions of iOS and OS X can be forced to crash (and sometimes in operable as is the case with iMessage and the Network app which scans SSIDs) by making them render a specific, nonsensical string of Arabic characters.

On Firefox, the string renders fine

Screen-Shot-2013-08-29-at-1.14.33-PM

Safari instantly crashes

Screen Shot 2013-08-30 at 12.44.42 PM

 

And Chrome has the tab loading the page in question crash

Screen Shot 2013-08-30 at 12.44.47 PM

The actual page can be seen here.

 

The bug seems to originate from Apple’s CoreText API which means any application using it is vulnerable.  According to the Russian website Habrahabr.ru , Apple has been aware of this vulnerability for six months and has yet to patch the exploit in any currently available operating system build.  The author notes however that this is no longer an issue with the current beta versions of iOS 7 and OSX 10.9.

source Hacker News

TAGS:

Related posts