Apple ignoring major iOS/OS X security vulnerability?

You probably haven’t heard of CoreText, the framework Apple uses to render fonts in iOS and OS X, but it’s at the root of a security exploit that the company can’t seem to fix. According to a report from Habrahabr.ru (that’s a Russian site in case you did not infer from the URL), Apple has been aware of the issue for at least six months but either hasn’t attempted to or has been unable to patch the problem.

The gist of the exploit involves inserting one of several strings of text which, upon being read by an app, force it to crash. This could be as simple as sending a text with the string of characters to an iOS user. When the SMS is opened, the Messages app will crash, repeatedly. Another method involves using one of the malicious strings as a WiFi network name, causing headaches for Safari users.

The good news is that while no patch has been issued for the current generations of iOS and Mac OS X, the bug does seem to be resolved in Mavericks and iOS 7. After upgrading platforms, this should be a non-issue. Still, it’s a head-scratcher why Apple might fix the problem in their app updates without providing any help to those using older software versions.

[via BGR]

  • David

    Good news! In 2 months, you’ll be able to get the updates! Apple’s stance until then: F**k you!

  • Renkman

    Hadn’t heard about this one. Perhaps it hasn’t affected the masses, and therefore is riding under the radar and is not a high priority? Either way, it is puzzling, but not every exploit is fixed, especially when an impending built-in solution is coming in less than two weeks, not 2 months.