A new iOS bug will make you say - "Chai," if you click on its link. The link to the malicious was posted by Abraham Masri, and was posted on Tuesday.
According to Abraham, he was trying to break the iOS by inputting random character into its internal code. The bug will crash your phone either you click it or not.
The bug has now been confirmed to have affected iPhone X and iPhone 5s. It also affects iOS versions 10.0 through 11.2.5 beta 5, and also affect MAC computers.
The code is able to work with web preview link. Apple allows developers to insert few links into their website's HTML to customize the image and title of preview messages in Messages, but Masri did not insert few characters, but massive random characters into the webpage metadata, which is why the iPhone crashes.
The Github hosting the malicious code was initially suspended, but was later restored, but since it was publicly hosted on Github, this might mean some folks have downloaded it, and might want to use it for malicious purposes.
Masri confirmed he had sent the bug to Apple, but instead he got ant two automated emails, and nothing that confirms that the company will work on the discovered bug.
How To Be Safe From ChaiOS Bug
- You must always use the latest security update from Apple.
- You can restore your iPhone using factory reset, but please note that you also risk losing your photos, saved data and settings.
- Block Github domain by going to Safari settings (Settings app > General > Restrictions > Enable Restrictions > Websites > Limit Adult Content > Never Allow > GitHub.io). This is effective if the person sending you this uses Github to host the code, if they use their own server, then you are still vulnerable.