Google’s Project Zero Security Analysts Reveal Now-Fixed iMessage Flaw That Bricked iPhones
A recently discovered flaw that bricked iPhones through iMessage has luckily been fixed.
Google’s Project Zero is a team of security analysts tasked with finding zero-day vulnerabilities in other companies’ software, the type of bugs that can be exploited by state-sponsored hackers, intelligence agencies, and criminals. The team gives 90 days for a flaw to be fixed before releasing it to the public.
A new report from ZDNet reveals that the team found a flaw within Apple’s iMessage platform that would cause iPhones to repeatedly crash, an issue that the Cupertino company has since fixed.
Project Zero security researcher Natalie Silvanovich explained that a malicious message containing a text key that’s not a string could cause an exception to occur in iPhones, causing the system to crash.
On macOS, the flaw would cause “soagent to crash and respawn,” but on iOS, the issue affects Springboard, the platform that runs the iPhone’s home screen. The aforementioned message would cause Springboard to crash and restart repeatedly, making the device unusable, even if a user performed a full reboot of the OS. In order to make the device usable again, a user would have had to perform a full wipe.
“On a Mac, this causes soagent to crash and respawn, but on an iPhone, this code is in Springboard,” reads the report. “Receiving this message will cause Springboard to crash and respawn repeatedly, causing the UI not to be displayed and the phone to stop responding to input. This condition survives a hard reset, and causes the phone to be unusable as soon as it is unlocked.”
Luckily, Apple was able to address and fix the issue in May with the release of iOS 12.3, long before Google’s Project Zero made the flaw public.
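The failure mode described above, modelled as an added Python example (not Apple's code and not Project Zero's test case): a stored message whose `text` value is not a string crashes a renderer on every restart, while a type check plus quarantine of the bad message breaks the loop. The JSON message shape, the function names and the quarantine step are assumptions made for illustration.

```python
import json

# Constructed sample store: message 2 carries a non-string "text" value.
SAMPLE_INBOX = [
    json.dumps({"id": 1, "text": "hello"}),
    json.dumps({"id": 2, "text": {"nested": True}}),
    json.dumps({"id": 3, "text": "still here"}),
]

def render_naive(raw):
    """Assumes "text" is a string; any other type raises AttributeError."""
    msg = json.loads(raw)
    return msg["text"].strip()

def render_checked(raw):
    """Validates the type before use and rejects malformed input explicitly."""
    msg = json.loads(raw)
    text = msg.get("text") if isinstance(msg, dict) else None
    if not isinstance(text, str):
        raise ValueError("text field is not a string")
    return text.strip()

def boot(store, render, quarantine=None):
    """One process start: render every persisted message.

    If a quarantine list is supplied, rejected messages are moved out of the
    store so they are not processed again on the next start.
    """
    shown = []
    for raw in list(store):
        try:
            shown.append(render(raw))
        except ValueError:
            if quarantine is None:
                raise
            store.remove(raw)
            quarantine.append(raw)
    return shown

def count_crashes(store, render, restarts=3, quarantine=None):
    """Simulates a supervisor respawning the process after each crash."""
    crashes = 0
    for _ in range(restarts):
        try:
            boot(store, render, quarantine)
        except Exception:
            crashes += 1  # the message is still in the store, so it recurs
    return crashes
```

Because the naive renderer never removes the malformed message from the persistent store, every restart hits the same exception, which is why a reboot alone does not clear the condition.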