Picking Apart the Crashing iOS String

Manish Goregaonkar has published this absolutely fascinating analysis of the iOS crashing bug that occurs when it comes across a particular text string.

So there’s yet another iOS text crash, where just looking at a particular string crashes iOS. Basically, if you put this string in any system text box (and other places), it crashes that process. I’ve been testing it by copy-pasting characters into Spotlight so I don’t end up crashing my browser.

[…]

I was pretty interested in what made this sequence “special”, and started investigating.

Even if you are not interested in the technical details, I urge you to go read it. The explanation about Indic scripts is incredibly interesting read.

February 16, 2018 ✚ Permalink

Another Password Related Bug Found in macOS High Sierra

Another password-related bug has been discovered in macOS High Sierra, this time in the App Store Preferences in the Settings.app.

Joe Rossignol, reporting for MacRumors, says:

The security vulnerability means that anyone with administrator-level access to your Mac could unlock the App Store preferences and enable or disable settings to automatically install macOS updates, app updates, system data files, and, ironically, even security updates that would fix a bug like this one.

This sounds really embarrassing for Apple, but this is far from being a major bug. First, the App Store preferences are unlocked by default for admin users — and it doesn’t work for/affects the non-admin users. Additionally, if anyone with malicious intent has admin access to your Mac, there’s a lot worse that is possible. That’s not to say that this bug shouldn’t be taken seriously. Apple has already fixed this bug in the beta of its upcoming High Sierra release.

I’d love to join Apple’s QA team. Seriously!

January 11, 2018 ✚ Permalink