iOS Security News: iPhone Users Warned of 'chaiOS' Link That Freezes Devices; Fix Arrives Next Week
iPhone users were recently warned about a website link being sent around through iMessage that could freeze or automatically restart their device. Apple has now identified the issue and a fix is promised to arrive next week.
The security flaw, which is now referred to as chaiOS, was originally discovered and tested by software developer Abraham Masri.
The vulnerability specifically works against the Messages app when exploited. When website links arrive through Messages, the application is programmed to preload the page, which is why a user can view its thumbnail even before opening or clicking on it.
Masri told BuzzFeed he had created a page hosted on GitHub where he placed "hundreds of thousands of characters" in its metadata. This amount of information was obviously way more than what the Messages app was built to recognize, which explains why the modified link and page crashed the application and even forced the entire device to reboot.
Several people who have tried receiving the chaiOS link confirmed that it really caused the Messages app to freeze. It also resulted in several other issues such as a phone reboot or respring. The latter process refers to when an iPhone is unable to complete a function and the device ends up showing the lock screen.
One of the people who tried the chaiOS link, Twitter user @aaronp613, also told BuzzFeed: "The device will freeze for a few minutes. Then, most of the time, it resprings." He added that after receiving the link, his Messages app continued crashing while its contents were unable to load.
Meanwhile, Masri's repository for the webpage has reportedly been taken down.
As of the moment, the fix for the chaiOS is only available for the iOS 11.2.5 beta 6 that is still limited to a developer release. While waiting for the public version of the patch, reports listed several ways to fix an iPhone that was sent a chaiOS link which included blocking the GitHub.io domain on Safari and performing a factory reset.