Thursday, October 10, 2024
HomeSecurity NewsNew ChaiOS "Text Bomb" Bug that can Crash any iPhones, iPads and...

New ChaiOS “Text Bomb” Bug that can Crash any iPhones, iPads and Macs with a Single Link

Published on

A new bug dubbed chaiOS ” Text Bomb ” can affect iMessage apps on macOS and iOS. On iPhone, a single malicious link can cause the device to crash and with macOS, it kills safari browser.

The bug was discovered by Abraham Masri and it makes the target device to freeze, drain the battery and possibly restart.

He posted the PoC link in GitHub and reported in twitter, at the time of writing the link ends up with 404, seems GitHub administrator removed it.

- Advertisement - EHA

https://twitter.com/cheesecakeufo/status/953401511429726210

9to5mac reported the chaiOS bug and had mixed results “In some instances, sending the link would cause both the sender and recipient’s device to respiring or cause the Messages app to instantly freeze and crash“.

ChaiOS bug tested with iOS 11.1.2, users don’t require to do any installation, all they need to do is simply sending the malicious link in an SMS message.

The flaw resembles Effective Power bug which hits iPhone a few years before. ChaiOS will not make a serious impact as of now, it can be used to play pranks.

Also Read Apple Released a Critical Security Updates for iOS 11.2.1

“I found a (small) bug that causes the device to freeze, respring, drains the battery, and/or sometimes panic,” says Abraham Masri.

No need to install anything. Just open, tap then paste. Here you can see how it works.

Mitigations – Text Bomb

  • Forcing the message app to close and delete the thread.
  • Reddit user “TeCHEyE_RDT” suggested to send a message to yourself and delete the threat.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...