Home / / Apple scrambles to fix iPhone-crashing iMessage flaw

Apple scrambles to fix iPhone-crashing iMessage flaw

‘Unicode of Death’ exploit allows message senders to cause memory overflows in handsets

Apple scrambles to fix iPhone-crashing iMessage flaw
The security flaw allows malicious actors to overload an iPhone’s memory and crash the handset.

Apple has uncovered a flaw in its iMessage app that allows malicious actors to overload an iPhone's memory and crash the handset, online media reported.

The bug was first mentioned on Reddit blogs, and picked up by Apple fan site MacRumors on Tuesday. According to another fan site, CultofMac, the message begins with Arabic characters, but the memory overflow is caused by a string of Unicode characters at the end of the message. The security exploit dates back to 2013 and was used to target iOS6. It has been named "Unicode of Death".

Apple confirmed the existence of the flaw in an emailed statement.

"We are aware of an iMessage issue caused by a specific series of Unicode characters and we will make a fix available in a software update," Reuters quoted the statement as reading. It was not clear if the news agency was the exclusive recipient of the statement.

CultOfMac suggested users turn off text previews on their iPhones. It also said asking Siri to send pictures to the source of the message and keeping iMessages out of Notification Center were other possible solutions.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.