Some of the tricks are funny, others far from it

May 30, 2015 08:11 GMT  ·  By

Apple released a workaround for the bug causing an iOS device when it receives a specially crafted message, but a proper fix is still to emerge and in the meantime people explored the exploitation possibilities of the flaw.

Dubbed “effective. Power,” the vulnerability lies in how Apple’s CoreText library processes unicode characters in text messages. The initial variant contains Arabic characters, but it does not necessarily have to be so, and a 75-byte string of unicode does the trick, too (e.g. Chinese glyphs).

As soon as users learned about the bug, there were pranks galore, with Apple mobile devices crashing all over the place.

Prevent access to Wi-Fi settings, crash Mail

However, the possibilities have not ended and some cool tricks and nasty jokes can be pulled, a video on YouTube (embedded below) showing 10 of them aimed at iPhones.

Apart from simply sending a message (via multiple communication avenues) to the targeted device, which would crash when previewed in the notification area, there are some other ways to cause some trouble, that do not involve showing it in the preview area.

One method to mess around with iDevices is to change the name of the Wi-Fi network to one with the special unicode string. The effect: users can no longer access the Wi-Fi settings because the app crashes immediately after reading the name of the wireless connection.

Of course, once they get out of the wireless network range, access to the settings is regained.

Also, a nasty prank is placing the unicode text in the subject line of an email and send it to an iPhone user. The result: the device crashes when the notification is accessed and the Mail app can no longer be launched.

Bring down Maps and Safari

In a different example, the YouTube poster shows how to cause the Maps app to terminate itself. The feat is achieved by creating a URL scheme for Apple Maps an inserting the troublesome characters in the web page link.

When the link is visited and the text indicating the maps location is tapped, Maps crashes; the worst part is that opening the app and trying to run a query also leads to denial-of-service.

Sitting at number seven on the list of pranks, is killing Safari for iOS. By creating a web page with difficult to process unicode characters in the title any visitor from Safari will witness the browser crash. Another consequence is that Safari will no longer be able to access pages starting with the same letter as the unicode string.

Additional pranks presented in the video include locking a user out of a Snapchat conversation, saving the code as a contact name (crashes Contacts when trying to view the whole listing) and changing the name of the device, which locks access to the About page of the phone.

Check out the full 10 tricks shown in the video: