An iOS bug that makes it easy for miscreants to send an iPhone or an iPad into an unending crash spiral, rendering it useless until the victim performs a factory restore, has still not been fixed by Apple (via ArsTechnica).
Trevor Spiniolas, a programmer who notified Apple of the bug in August and received a response saying that it would be fixed by the end of the year, says “the bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix.”
As shown in the demonstration video below, the bug can be triggered by using an extremely long name, up to 500,000 characters in length, to identify a HomeKit-compatible smart device and then getting a user to accept an invitation to that network.
The device slowly becomes unresponsive until it eventually seizes up completely. Rebooting the device also doesn’t help.
“By the time the login screen appears, it’s impossible to enter a passphrase. The only thing left to do is to perform a factory restore. And even then, once the device is restored, it will once again become unresponsive as soon as it logs back into the user’s iCloud account during setup.”
The bug exists even in the latest version of iOS, according to the researcher. Apple also declined to issue a comment regarding the matter.