CoreText Exploit Crashes iOS and Mac Apps

A recently discovered CoreText exploit related to a specific sequence of Arabic characters can cause an error, which, as a result, crashes any application using the WebKit engine under iOS 6 and Mac OS, Habrahabr.ru reports.

According to the Russian site, the vulnerability can be reproduced by sending a possible string of text as an SMS message or iMessage, Safari, and naming a Wi-Fi network with one of the strings of text can cause an error.

iMore security editor, Nick Arnott, has tested the exploit, and here is what he found:

• “OS X 10.8.4 – Receiving the string in iMessage will crash it. You can restart iMessage without it crashing and delete the conversation.”
• “OS X Mavericks – Doesn’t crash Messages or Safari.”
• “iOS 7 – Doesn’t crash Messages or Safari.”
• “iOS 6 – System crashes after receiving message. After rebooting, Messages will crash every time you try to open it.”

The workaround looks pretty simple as well: Nick recommends signing out of iMessage, signing in with another account, and then signing out and in again with your original account. This procedure will remove any previous messages you had on the device.

Apple is apparently aware of this bug, since Mavericks isn’t vulnerable to the CoreText exploit. As regards iOS 7, the Russian site claims it causes apps to crash, but iMore’s Nick says it doesn’t.