ChaiOS “text bomb” can crash your iPhone, iPad or Mac with a single malicious link

A new type of malicious link that exploits an annoying bug in iOS and macOS can cause an unsuspecting user’s iPhone, iPad, iPod touch or Mac to restart or freeze when received through the Messages app or opened in Safari.

Chicago-based software developer Abraham Masri‏, who first discovered this, shared the malicious link Tuesday afternoon on Twitter.

Pranksters, please do the right thing and refrain from sending it on!

Linked to a GitHub page, the malicious attachment causes the Messages app to freeze. Opening it in mobile or desktop Safari causes the browser to hang or become unresponsive. The link can also freeze the recipient’s device or possibly even restart it.

While the text bomb can also delete the entire conversation, your other personal data is unaffected. Force-quitting the Messages app and deleting the entire offending conversation from the messages list appears to solve this problem.

This attack apparently overloads a device with several megabytes of text, consisting mostly of Unicode cascading accent marks, which causes most apps capable of displaying Unicode to slow down a lot. It points to a probable bug somewhere in Apple’s Unicode rendering engine.

A fix for the issue is expected in future iOS and macOS updates.

Computer security expert Graham Cluley wrote on his blog that something about the so-called ChaiOS bug’s code gives your Apple device a brainstorm. “Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash,” he wrote.

Although this is an annoying bug, it’s more of a nuisance than something that will lead to data being stolen from your device or a malicious hacker being able to access your files, he added.

This isn’t the first time we’re seeing an exploit that can crash an iOS device with a link.

Back in May 2015, a similar bug, called Effective Power, allowed ill-minded people to cause a recipient’s iPhone to respring. If a user received a text bomb while their handset was locked, the bug would force their phone to reboot.

This reminds me of those pesky Lock screen exploits that used to plague iOS for years. You’d think after all those years Apple would finally get around to squashing Unicode text bugs.

Have you received this text bomb yet? If so, did your device crash or become unresponsive?

Let us know down below in the comments.