A Quick Intro to chaiOS
Sometimes, at SCS we like to make our posts short and sweet. With chaiOS, we have a great time to do so. The researcher has already removed his exploit on Github. Apple’s actively working on a fix. The best part, it causes no lasting damage. But researchers report bugs like chaiOS regularly. It’s a common class of bug, and worth knowing.
chaiOS
When sent a webpage link in Messages, the app will generate a preview of the webpage for you. Apple normally allows developers to include some special characters into their webpage. That way, you can customize the preview. Normally, most developers only put in a few of these characters. However, the security researcher Abraham Masri discovered that sending hundreds of thousands of characters would cause issues in Messages. Testers have reported battery issues, crashes, and system reboots. Thankfully, restarting the device and deleting the message thread fully fixes the issue. Apple has already started on a fix, and Abraham has taken the bugged webpage off his Github as a result.
Interestingly, this has happened before, with Effective Power in 2015 and an abuse of the HTML5 History API in 2016. Thankfully, these crashes do not pose a security risk. They only make your day a little worse by forcing you to restart your device.
About Secure Compliance Solutions LLC
Secure Compliance Solutions LLC (SCS) provides a wide range of cybersecurity consulting and managed security services to small and medium sized businesses (SMB) and government agencies, fortifying their Information Security and Data Privacy programs. SCS works with its clients to tailor and implement industry-proven frameworks and standards to meet compliance goals and drive consistent security operations. We raise awareness of current security trends and risks to prepare personnel to recognize and defend against potential security issues. We implement technical solutions and controls to minimize data risks and liabilities. Our Managed Security Service provides “constant watch” against both internal and external cyber threats and attacks. At SCS, we promote a strategy of readiness and resilience that facilitates business risk mitigation and enables dynamic response capabilities to keep your business up and running.
Recent Posts
Posts by Month
- November 2024 (1)
- October 2024 (1)
- August 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- October 2023 (1)
- February 2023 (1)
- November 2021 (2)
- October 2021 (1)
- December 2020 (2)
- November 2020 (2)
- October 2020 (4)
- September 2020 (1)
- August 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2018 (1)
- March 2018 (5)
- February 2018 (3)
- January 2018 (5)
- December 2017 (3)
- November 2017 (3)
- October 2017 (6)
- May 2017 (1)
- January 2016 (3)
- November 2015 (1)
- October 2015 (1)