Bricking the Apple Message App

There are three reasons an exploit may exist in code: poorly written code, logic failure on the part of the developer, or, as in the case of this exploit, using something in a way that was never intended or tested. Arguably, this last one may be considered part of the logic failure area, but I tend to keep it separate because it is a true hack and not always just a design flaw.

vincedes3 has discovered a bug in the vCard handling in iOS 8 – iOS 10.2.1 b2 (latest) that can brick the messaging app until you either restore the device or bypass the exploit vCard. Accounts of how the exploit actually works vary: some sources claim it is just the size of the vCard causing the issue, while others claim it is a script within the actual vCard.

For more details, as well as a PoC vCard, head on over to vincedes3’s blog here: https://vincedes3.com/crash-message-app-iphone/


Kalypto • December 31, 2016

