The researcher and software developer Abraham Masri has discovered a new bug, dubbed ‘chaiOS Text Bomb’ that could be exploited to crash recipient’s iMessage application in a continuous loop.
? Effective Power is back, baby!
Text the link below, it will freeze the recipient's device, and possibly restart it. https://t.co/Ln93XN51Kq
⚠️ Do not use it for bad stuff.
thanks to @aaronp613 @garnerlogan65 @lepidusdev @brensalsa for testing!
— Abraham Masri (@cheesecakeufo) January 16, 2018
The flaw exploited by the ‘chaiOS Text Bomb’ affects both iOS and macOS, according to researchers at Yalu Jailbreak, the bug is currently compatible up till iOS 11.1.2 firmware, this means that it affects iMessage apps on macOS High Sierra, iOS 10 to 10.3.3, and iOS 11 to 11.2.1.
A proof-of-concept page has been put together by Masri and shared on Twitter yesterday, but the page has been removed from GitHub due to potential abuses, anyway, a new mirror has been already added.
“chaiOS is a malicious iOS bug that can cause the target device to freeze, respring, drain the battery, and possibly kernel panic. It is developed by the eminent jailbreak developer, Abraham Masri.
Here are the known after-effects once someone opens the malicious link.
It weighs around 7MB and loads some the exploit into user’s browser window and then crashes it.” states Yalu Jailbreak.
Below is a video PoC of the exploitation of the bug:
Researchers observed that the chaiOS Text Bomb can also affect Windows systems, it can also crash Chrome and Firefox web browsers.
The download link to the chaiOS is reported on the following page, but please don’t use it.
Below instructions to trigger the bug:
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(Security Affairs – chaiOS Text Bomb, hacking)