A serious bug has been uncovered in Apple's CoreText layout engine, which is responsible for laying out text in applications which make use of the Cocoa framework on OS X and iOS systems. The bug causes any app relying on CoreText to crash when a specific string of Arabic characters is displayed, meaning just the simple act of viewing a tweet or receiving an instant message is enough to trigger the crash. With apps like messaging or email clients, the problem is more severe, as the app may continue to crash repeatedly if it attempts to display previous message history or previews of email content.
The good news is it appears that Apple has already addressed this bug in the upcoming versions of OS X 10.9 Mavericks and iOS 7, but as of yet no updates have been released to correct the issue on the current versions of the operating systems that are affected (OS X 10.8 and iOS 6).
This isn't the first time that innocent strings have been found to cause crashes in apps. Back in February, an odd bug was discovered which caused apps to crash whenever a reference to a local file URL (e.g. file:///) contained a capital "F". While there isn't a foolproof way to prevent exploits like this from being used, some sites have taken preventative measures. Facebook is currently blocking messages which are found to contain the string, and I'm sure as word of the issue gets around Twitter and other sites may take similar actions.
The best advice I can give for users, however, is to be cautious about viewing links and reading messages from people that you don't know or that seem otherwise suspicious. Obviously, the nature of this bug makes it difficult to completely avoid, as receiving a message or opening a page where a spammer has left the string in a comment could easily trigger a crash, and there's little that could be done to prevent it.
Here's hoping that Apple picks up on this and corrects the issue before anyone finds any creative methods for taking advantage of the problem.
[via TechCrunch]
Share
via TUAW - The Unofficial Apple Weblog http://www.tuaw.com/2013/08/29/bug-in-coretext-allows-a-string-of-characters-to-crash-apps/
0 comments:
Post a Comment