We found 1 good reason to get the iOS 11.4 update – rogue message handling

[J.C]

Source: https://nakedsecurity.sophos.com/2018/05/31/we-found-1-good-reason-to-get-apples-ios-11-4-update/

 

Earlier today, we wrote about iOS 11.4, Apple’s latest but not-yet-documented security update for iPhone and iPad users.

We updated simply because we could, but some people have said to us, “We want something concrete to go on, not just the word ‘because’.”

They’ve got a point: a security update that doesn’t give you a reason to install it is unusual these days, and makes you think that all you’re getting is a bunch of new features.

That might not be enough to get you across the patch line on its own.

 

Well, even without Apple’s official security advisory email, we think we’ve found a more-than-good-enough reason.

Remember the WhatsApp “message of death” and the iMessage “black dot” problem from the start of May 2018?

These were publicly circulating text messages that looked as though they were just one line long, but actually contained thousands of Unicode control characters to change text direction.

The offending characters are formally known as LEFT-TO-RIGHT MARK and RIGHT-TO-LEFT MARK – they don’t take up any space on the screen, but they are commonly needed when rendering text in languages such as Arabic and Hebrew.

Those languages write their text from right to left, but commonly write numbers left to right using Indian numerals, just as we do in English.

So Arabic and Hebrew routinely need to typeset text from the right, then to jump ahead and set numerals backwards from the left towards the text just printed out, then to switch back again, skipping over the numerals and again laying out the text from right to left.

However, it seems that the text rendering code in Apple’s products was clearly never designed to switch left/right/left/right thousands of times in a row for no good reason at all other than to cause mischief.

Indeed, earlier this month, we deliberately sent several rogue “messages of death” to the iOS Messages app, and we quickly ended up in trouble.

We couldn’t easily get back from the message screen, where the app was trying desperately to process the rogue messages, to the main list of conversations, where we could have deleted all the rogues in one go.

Unfortunately, we couldn’t open individual messages from the message screen to invoke the “delete message menu”, either.

The app would typically freeze solid, or crash before we could fix things, whereupon restarting the app just jumped us straight back to where it had been when it crashed, and so the cycle continued.

Better after the update?

Anyway, after updating to iOS 11.4, we tried sending rogue messages again, and things were nowhere near as bad as before.

We can’t be sure that Apple set out to fix this flaw, but it looks as though the Messages app is now automatically cutting off long messages to limit the number of invisible Unicode control characters that can be flung at the app.

As far as we can see – and this is entirely down to basic deduction, not the result of any actual analysis, so don’t hold it to this! – these truncated “messages of death” can fairly easily be deleted, which wasn’t the case when we tried this before the update.

We were able to delete rogue messages them one by one, as well as to escape out to the main Messages to delete entire conversations in one go.

So, if you’re looking for a good reason to update to iOS 11.4 even in the face of Apple’s security silence, perhaps this is enough to convince you?

As we said, this is all down to deduction – we can’t easily tell if Apple has changed the Messages app at all, let alone with the intention of mitigating the “message of death” problem…

…but we certainly didn’t find things worse than before, so we’re pleased anyway.

[Israeli_Eagle]

Moved from Security & Privacy News

[stormxeron]

Too bad. I want to update but I want jailbreak as well. I hope the anticipated jailbreak comes on iOS 11.3.1.