An publicly announced yesterday (picture of source page available here – won’t force a crash) shows how a string of Arabic characters can crash appliions in OS X 10.8 and iOS 6. The upcoming operating systems, iOS 7 and OS X 10.9, have fixed the bug, but was supposedly notified about this bug six months ago and still has not issued a fix for the current public operating systems.Jailbrkers are alrdy working to the bug over until relses a full fix:
Filippo Bigarella@FilippoBiga
I have a fully working that unfortunately applies only in MobileSafari. The more eral fix I came up with is not a cln solution.9:45 PM - 29 Aug 2013
This bug does not work on any other operating systems and does not allow anyone else to access your computer remotely because of it, but being a recipient (or even sender) of these characters may make your Messages app unusable, cause Safari/Chrome to crash, or not allow for scanning of SSIDs (if the string is broadcasted as a Wifi network name).
Back in 2009,iOS 3.0 was vulnerable to an SMS bugthat allowed others to remotely execute on the recipients’ phone. The 3.0.1 update introduced a .Hopefully will be pushing out a security fix in the nr future to make sure this doesn’t get too far.Update: A jailbrk fix has been relsed that fixes apps that cannot be opened due to the . The has not been tested or verified by us and may cause other issues when browsing.
Filippo Bigarella@FilippoBiga
WebCore ‘dumb’ to avoid crashes with today’s malicious character sequence: https://github.com/FilippoBiga/Glyph… (deb available under “relse” tab)10:32 PM - 29 Aug 2013
Filippo Bigarella@FilippoBigaYou can install that to open the apps that are currently crashing due to that bug. It’s not a definitive solution, but it’ll do for now.10:33 PM - 29 Aug 2013
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment