It appears that Mac and iPhone users have been hit with another threat, although opinions seem to be quite divided about just how much of an issue it truly poses.
This time it’s a text bomb. The threat is activated via a link embedded inside of a text message that can be sent to any iPhone. Once opened, any iOS device or Mac would then crash, most likely needing to be restarted. Some have also lodged complaints of being returned to their locked screens after hitting the link.
News of the link broke in typical trending style (after all, we all love a good suspenseful tweet to pep up in our tech-driven existences from time to time), via a Twitter update from US-based software developer Abraham Masri on January 16th. He also gave the bug the catchy, and equally trend-worthy, name of ChaiOS, (although given that the issue does concern a "text bomb", perhaps an accompanying Tom Jones "Sex Bomb" would have been equally effective and tongue-in-cheek). He'd initially posting a link to the troublesome code on GitHub, a programming site, though it was removed within 24 hours, apparently after Masri felt that enough time had passed to get the word out, to both Apple as well as customers with any affected products.
The bug I released was to get @Apple's attention. It's just an html file.@Github always hosted jailbreaks (even .ipa files) that might've included malware. I don't understand why you'd ban my account.— Abraham Masri (@cheesecakeufo) January 17, 2018
Btw, I always report bugs before releasing them.
Although Apple has not made an official statement in response to the issue, according to Masri, the one-man iOS vigilante offered his final take on why the link had been removed on January 17th, most likely because the initial threat has been removed.
No, I'm not going to re-upload it. I made my point. Apple needs to take such bugs more seriously.— Abraham Masri (@cheesecakeufo) January 17, 2018
In an effort to quiet some of the panic, security expert and blogger Graham Cluley explains that this latest popup, though irritating, does not pose a serious threat to iOS users: “Something about the so-called ChaiOS bug's code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash,” he wrote on January 17th. “Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files. Don't be surprised if Apple rolls out a security update in the near future to fix this latest example of a text bomb.”
iPhone users will also recall the “Effective Power” bug attack from back in 2015, an equally frustrating scenario that allowed a sinister and frustrating remote reboot of iPhones. Ultimately, these text message-centered attacks that seem to be popping up in the past few years do not have the potential to trigger a security breach or compromise the system in any sort of lasting or harmful way.
Perhaps in some ways, Apple's lack of response represented a wise move made to avoid creating unnecessary panic among its customers. Thanks to the presence of blogs, social media, and various forums, almost any issue can be shared and reported with lightning speed. Compared to more pressing issues like exploding batteries, however, Masri’s tweet was no doubt shared internally at Apple, and afterward, the message, and issue, were unceremoniously filed in the "Thanks, we're working on it. No comment," folder.