Google’s Project Zero regularly finds flaws in other companies’ software and gives the vendor 90 days to fix them before publishing details. Today, Project Zero has published details of an iMessage flaw that caused iPhones to crash repeatedly. Thankfully, Apple has already fixed it.
Disclosed in an issue tracker post (via ZDNet), the flaw was discovered by Project Zero and reported to Apple back in April. The issue, which also affected macOS, saw a malformed message containing a text key trigger an exception which, in turn, crashed the process that parsed it.
On a Mac, this flaw would cause “soagent to crash and respawn,” but on iOS the affected code runs in SpringBoard, the process that draws the home screen and the rest of the user interface. Receiving the message through iMessage would cause SpringBoard to crash and respawn repeatedly, leaving the phone inoperable.
Strangely, the condition survived a hard reset, with the crash loop resuming as soon as the device was unlocked. The only way to get the device working again was to wipe it completely.
Project Zero’s report describes the impact this way: “On a Mac, this causes soagent to crash and respawn, but on an iPhone, this code is in Springboard. Receiving this message will cause Springboard to crash and respawn repeatedly, causing the UI not to be displayed and the phone to stop responding to input. This condition survives a hard reset, and causes the phone to be unusable as soon as it is unlocked.”
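To make the persistence point concrete, here is an added illustration of the failure class, written for this article rather than taken from Apple or Project Zero, and in Python instead of the Objective-C the real components use. It models a UI process that renders messages out of storage that outlives the process. The message format, the specific malformation (a non-string value under the text key), and the queue model are assumptions for the example, not details from the report.

```python
import json

# Constructed sample payloads for illustration only; these are not real
# iMessage messages. The "text" key follows the article's description; the
# specific malformation (a non-string value under "text") is an assumption.
GOOD_MSG = json.dumps({"text": "hello", "sender": "+1 555 0100"})
BAD_MSG = json.dumps({"text": {"unexpected": 1}, "sender": "+1 555 0100"})


class PersistentQueue:
    """Stand-in for message storage that outlives the UI process.

    Messages are stored before the UI renders them, so anything that was
    never acknowledged is still there after a crash, reboot or hard reset.
    """

    def __init__(self):
        self.items = []

    def put(self, raw):
        self.items.append(raw)

    def pending(self):
        return list(self.items)

    def ack(self, raw):
        self.items.remove(raw)


def render_naive(raw):
    """Trusts the message shape: a non-string 'text' raises AttributeError."""
    msg = json.loads(raw)
    return msg["text"].upper()


def render_hardened(raw):
    """Checks the type first and reports a bad message as a ValueError the
    caller can handle, instead of letting an unexpected exception escape."""
    msg = json.loads(raw)
    text = msg.get("text")
    if not isinstance(text, str):
        raise ValueError("'text' key is not a string")
    return text.upper()


def unlock_and_render(queue, render, quarantine=None):
    """One 'unlock': the UI process renders every pending message.

    A ValueError is the hardened path's signal to drop the poison message
    (optionally parking it in `quarantine`). Any other exception propagates,
    which models the process crashing before it can acknowledge the message.
    """
    rendered = []
    for raw in queue.pending():
        try:
            rendered.append(render(raw))
        except ValueError:
            if quarantine is not None:
                quarantine.append(raw)
        queue.ack(raw)  # not reached if render() crashed the process
    return rendered


def simulate(render, restarts=3, quarantine=None):
    """Deliver one good and one malformed message, then restart the UI
    process `restarts` times. Returns one outcome per restart."""
    queue = PersistentQueue()
    queue.put(GOOD_MSG)
    queue.put(BAD_MSG)
    outcomes = []
    for _ in range(restarts):
        try:
            outcomes.append(("ok", unlock_and_render(queue, render, quarantine)))
        except Exception as exc:  # the UI process died; storage survives
            outcomes.append(("crashed", type(exc).__name__))
    return outcomes


if __name__ == "__main__":
    print(simulate(render_naive))
    parked = []
    print(simulate(render_hardened, quarantine=parked), parked)
```

With the naive renderer every restart crashes on the same message: it was written to storage before processing, and the consumer never survives long enough to discard it, which is exactly why a reboot does not help. The hardened renderer validates the field type, quarantines the one bad message and renders everything else, so the second and later restarts find nothing left to trip over.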
Thankfully, Apple fixed this iMessage flaw long before Project Zero made it public. The report only became visible on the issue tracker today, but the fix shipped in iOS 12.3, which was released back in May.