I don’t know about you, but having my iPhone crash repeatedly is one of my worst tech nightmares. But that’s exactly what will happen if this link is texted to you over iMessage.
Abraham Masri, a software developer and researcher, told BuzzFeed News that he discovered this harmful bug while “fuzzing with the operating system. (For us non-techies, that means he was hacking the operating system by typing lots of random characters into the internal code.) With this particular bug, someone can freeze your iPhone by simply sending a link with the disastrous code. The scary part? You don’t even need to open it for it to do its damage. Without any action on your part, it will still cause iMessage to crash repeatedly, slow down Safari and drain your battery.
Masri claims he reported the bug, which he named chaiOS, on Jan. 15, but Apple didn’t seem keen on fixing the issue immediately. So, like any good tech vigilante, he posted the bug on GitHub, a web-based hosting service for managing source code, and shared a link to that GitHub page on Twitter on January 16.
“Text the link below, it will freeze the recipient’s device, and possibly restart it,” Masri tweeted, adding, “Do not use it for bad stuff.”
He wanted to get Apple’s attention and he did. “My intention is not to do bad things,” Masri told BuzzFeed News. “I always report the bug before releasing something.”
So how does it work? Someone texts you a link, which often shows up in your messages with an image preview and text (the URL and a brief title of the link). This preview is created by customized code, which a developer puts into their website’s HTML. In Masri’s case, he used thousands of random characters in the link, instead of just a few, which most likely caused the Messages app to crash.
GitHub temporarily suspended his account after he shared the malicious code publically on Twitter. Masri tweeted, however, that he’d never intended to rehost the code elsewhere but, rather, to push Apple to “take such bugs more seriously.”
So what do you do if you receive the link? Try deleting the message thread. If this doesn’t work, try restoring your device to its factory settings. Keep in mind, however, that this will erase all photos and saved data on your phone.
In the event that the bug is reposted on GitHub, one Twitter user, @eric_rmrz, suggests blocking the domain on your phone.
To do this, head to Safari’s Settings app > General > Restrictions > Enable Restrictions > Websites > Limit Adult Content > Never Allow > GitHub.io.
However, this will only work if the bug is being hosted on GitHub. It won’t help if someone posts the code on to their own server.
All in all, the best advice is to keep your device updated with the most recent version of iOS. Apple usually releases operating systems to handle new bugs as they arise. And according to Bustle, Apple confirmed a fix is coming in a software update within the week.