
iPhone: If You Get This Text Message, Your Phone Will Likely Turn Off - turrini
http://www.theblaze.com/stories/2015/05/27/beware-iphone-users-if-you-get-this-text-message-your-phone-will-likely-turn-off-immediately/
======
Someone1234
This is speculation, but I suspect what is happening is that while the
notification process doesn't run in kernel space, a text processing library
does. The unicode wstring is being sent into that library with the request to
"draw this text!" (to ultimately a buffer/bitmap) and when the text processing
library attempts to process the unicode string, it chokes on part of it,
crashes in kernel space and iOS panics and resets.

This is speculation, but it has happened before. The "good news" is that it is
likely not usable to install malware or to inject running code into kernel
space. The "bad news" is that people can continue to DDoS each other until it
is fixed (and maybe via other apps which have notifications, like email,
assuming it pushes unicode strings into the notification).

The only interesting question is why this crashes iOS with notifications but
NOT with just viewing the text in the Message app? That I'd love someone to
dive into (e.g. do they use different libraries to draw text?).

~~~
yellowapple
It doesn't sound like it's a kernel panic, though; based on the description,
it sounds like the issue is with the UI ("Springboard"), which explains why
jailbroken devices (which usually have Cydia's "substrate" installed to catch
Springboard crashes) are kicked to "safe mode" instead of outright crashing.

The most plausible hypothesis I've heard so far (mixed with my own
speculation) is that whatever code handles notifications runs into some sort
of resource exhaustion (whether it's a memory overflow or an integer overflow
or somesuch), causing Springboard to segfault. Cydia's substrate catches this
on jailbroken devices, causing Springboard to enter Safe Mode (which is
unaffected by this bug), while non-jailbroken devices - unable to handle
Springboard crashing - resort to rebooting.

~~~
fyrabanks
You're right about the Springboard bit. As for the crash itself, it's easier
for me just to quote a reddit comment:

"It only works when the message has to be abbreviated with '...'. This is
usually on the lock screen and main menu of Messages.app.

The words effective and power can be anything as long as they're on two
different lines, which forces the Arabic text farther down the message where
some of the letters will be replaced with '...'

The crash happens when the first dot replaces part of one of the Arabic
characters (they require more than one byte to store). Normally there are
safety checks to make sure half characters aren't stored, but this replacement
bypasses those checks for whatever reason."
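
The failure mode the quoted comment describes, a "..." abbreviation that cuts through the middle of a multi-byte character, is easy to reproduce and easy to guard against. The following is an added illustration, not code from the thread and not Apple's notification code (which nobody here has seen): a naive byte-level truncation that produces invalid UTF-8 next to two safe versions, one that backs up to a UTF-8 sequence boundary and one that works on code points and refuses to separate a base letter from the combining marks (Arabic vowel signs) that follow it. The Arabic sample strings are constructed for the example.

```python
import unicodedata

ELLIPSIS = "..."


def naive_truncate_bytes(data: bytes, limit: int) -> bytes:
    """Byte-level truncation, like a fixed-size buffer copy in C.

    Cuts at an arbitrary byte offset, so a multi-byte UTF-8 character can be
    split in half. This is the bug class the thread is talking about.
    """
    if len(data) <= limit:
        return data
    return data[:limit] + ELLIPSIS.encode()


def is_valid_utf8(data: bytes) -> bool:
    """True if `data` decodes cleanly; a half character makes this False."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def safe_truncate_bytes(data: bytes, limit: int) -> bytes:
    """Keep at most `limit` payload bytes without splitting a UTF-8 sequence.

    UTF-8 continuation bytes have the bit pattern 10xxxxxx. If the byte at the
    cut point is a continuation byte, the preceding bytes belong to the same
    character, so back up until the cut lands on a lead byte (or ASCII).
    """
    if len(data) <= limit:
        return data
    cut = limit
    while cut > 0 and (data[cut] & 0xC0) == 0x80:
        cut -= 1
    return data[:cut] + ELLIPSIS.encode()


def safe_truncate_text(text: str, limit: int) -> str:
    """Keep at most `limit` code points without orphaning combining marks.

    Slicing a Python str can never produce invalid UTF-8, but it can still
    separate a base letter from the marks (fatha, damma, shadda, ...) that
    render on top of it, leaving a dangling mark before the ellipsis. Back up
    so the cut never lands on a combining character.
    """
    if len(text) <= limit:
        return text
    cut = limit
    while cut > 0 and unicodedata.combining(text[cut]):
        cut -= 1
    return text[:cut] + ELLIPSIS


def demo() -> dict:
    """Run all three truncations on constructed Arabic input (sample data)."""
    # Constructed sample: "peace be upon you", every Arabic letter is 2 bytes.
    plain = "السلام عليكم".encode("utf-8")
    # Constructed sample with vowel signs: muhammad with damma, fatha, shadda.
    vowelled = "\u0645\u064f\u062d\u064e\u0645\u0651\u064e\u062f"

    naive = naive_truncate_bytes(plain, 5)   # splits the third letter
    safe = safe_truncate_bytes(plain, 5)     # backs up to the letter boundary
    return {
        "naive_is_valid": is_valid_utf8(naive),
        "safe_is_valid": is_valid_utf8(safe),
        "safe_text": safe.decode("utf-8"),
        "vowelled_cut": safe_truncate_text(vowelled, 6),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The byte-level guard is the one a C renderer would need; the code-point version shows that even a memory-safe language needs a second rule once marks and base letters are involved, and a full fix would segment on grapheme clusters rather than on individual code points.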

------
andrewrice
Reminds me of the punters that used to exist for AOL Instant Messenger back in
the day. Interesting to see this being an issue in 2015.

[http://en.wikipedia.org/wiki/AOHell#Features_of_AOHell](http://en.wikipedia.org/wiki/AOHell#Features_of_AOHell)

------
Artemis2
Here is the source: [http://redd.it/37enow](http://redd.it/37enow)

TL;DR: This string of characters will crash an iPhone. People have shown this
is related to the way notifications are displayed. Therefore, anytime this
shows up in a notification, the iPhone will restart. Affects the Apple Watch
too. There's more info and speculation in the reddit comments.

