Security researchers are always uprooting new vulnerabilities within a range of devices. For example, one researcher recently discovered how one of the most popular Mac utility applications was harvesting your personal data. Something similar happened in August with a popular Firefox internet browser add-on.
Now, a security researcher has uncovered a new vulnerability, though this is not associated with a downloadable add-on or software program. Rather, it's a simple piece of code that could be sent to you within a message, and when clicked, it could crash your iPhone and force it to reboot.
This is not the first time that we've seen something like this happened on Apple devices, as we saw back in February 2018. However, it's something that crops up from time to time and should be avoided. Read on to find out more about this rogue message.
About the text bomb
Messages like these are often called "text bombs", as when sent to you via text message, they can essentially "nuke" your phone, sending it into a state that only a reboot can fix. In some cases, they can even force your phone into a crash loop, where it crashes, reboots and repeats, endlessly.
Fortunately, this issue isn't triggered by simply receiving the text message like the one that we saw earlier this year. You'll only suffer the crash problem by clicking on the link through your smartphone if it is sent to you.
The link in question is shown below within a tweet that was posted by the security researcher in question, Sabri Haddouche. The URL directs you to a proof-of-concept website that doesn't look like much at all; it contains just 15 lines of code.
The code that's used to create the website exploits a vulnerability within the iOS (iPhone / iPad Operating System) web rendering system, called WebKit. Apple requires all applications and internet browsers to use this WebKit, so there's no getting around the crash if you do click the link.
According to Sabri, it takes a minimal amount of effort to cause the problem; the simple code causes what's known as a "kernel panic" on the phone. The kernel is the very base level of software that facilitates communication between the hardware and base software, so when a kernel panic is forced, it shuts the phone down to prevent damage.
Simply put, there's too much information and processing thrown at the phone for the system to handle, so it rolls over and gives up to prevent itself from overheating or being subject to other damage.
Should you be concerned?
Fortunately, as we've mentioned above, you're in control of this situation; if you receive a message, email, or anything else containing a link that you don't recognise, then don't click it without a second thought. This is generally good practice to get into anyway, as there are thousands of malicious links floating around in popular messaging applications that could steal your personal data if handled incorrectly.
There's also no major risk of clicking this link, as the worst thing that can happen is your phone will reboot itself. This could simply mean lost data if you were in the middle of an activity that hasn't been saved. Still, if you have any more concerns, you can get in touch with WiseGuys to discuss them on 0808 123 2820.