Bug crashes WebKit based Mac and iOS apps with string of Arabic characters

A new rendering bug has been discovered that can cause Mac and iOS devices to crash.

As Russian security researcher has discovered that a specific string of Arabic characters can cause any application that uses WebKit such as Safari to crash in OS X Mountain Lion and iOS 6.

It seems to be due to a bug in Apple’s CoreText font rendering framework. According to the researcher, the vulnerability can be reproduced as follows (translated from Russian):

  • Sending sms on iPhone – thus there is a respring and you can no longer go to the app “Messages”. 
  • Sending a message via iMessage on iOS or desktop Messages in Mac OS – application is complete and more into it you can not stop.
  • Opening the page with a line – mobile Safari on iOS just closes. In this case, if you do not delete the history of visits, re-enter it will not work. Desktop Safari behaves the same way. Desktop Chrome will complete the tabs showing the error message, the browser will continue to work. New Opera and Yandeks.Brauzer behave like chrome.
  • With the line in the name of the WiFi-network (ESSID) – while scanning networks, this should result in an error. 

The security researcher says that he had reported the bug to Apple six months back. Apple seems to have fixed it in OS X Mavericks and iOS 7 as the vulnerability cannot be reproduced.

There was a similar bug, which caused the Messages app to crash, and you were unable to relaunch it. This can be potentially threatening if one of your notorious friends, or anyone for that matter with your iMessage id decides to send you a message with the specific sequence of Arabic characters.

[HackerNews via 9to5Mac]