An iMessage bug fixed in iOS 12.3 blocked the iPhone until it was restored

With each version of iOS, Apple corrects errors and bugs that affect its devices. With iOS 12.3, launched last April, the company Fixed a bug that left the device locked. This was reported by Natalie Silvanovich, a Google Project Zero worker, through the website of this initiative.

Erase and restore the device as the only solution

As they reveal in AppleInsider, it's about a bug from iMessage which is activated upon receiving a specific message. From the report created by Silvanovich:

The method – (IMBalloonPluginDataSource individualPreviewSummary) in IMCore can throw an NSException due to a malformed message containing the IMExtensionPayloadLocalizedDescriptionTextKey property with a value that is not an NSString. This method calls (IMBalloonPluginDataSource _summaryText) that returns the property assuming it is a "string", but this is not checked.

The calling method then calls – (IMBalloonPluginDataSource replaceHandleWithContactNameInString 🙂 which in turn calls imhandleIdentifiers in the NSString, which is actually an NSNumber that throws an exception since the selector does not exist for that class.

This error has different effects on a Mac and an iPhone. On the Mac, it causes the soagent he crashee and relance. But on the iPhone just do it with the springboard. For this reason, error loops and cannot be solved with a complete erase of the device.

The only apparent solution is to restart the device in recovery mode and restore it. If you are interested in bug, on the website of Google Project Zero You can follow the instructions to reproduce it.

Another reason to keep your devices up to date

The publication of this bug occurs more than month and a half after its solution through an update. The dates that are handled in this story are the following:

  • April 19: Silvanovich reports on bug through its Google Project Zero platform. At that moment we understand that Apple is also communicated.
  • May 13: Apple launches iOS 12.3 under this error and several ms. Bugs and security errors are not disclosed an.
  • July 3: Apple publishes on its website the security contents of iOS 12.3, making the corrected errors public.

The reason that errors are not made public at the same time iOS 12.3 is launched is For security. In this way, prudential time is given for the update to be downloaded and installed on a significant number of devices and thus minimize its possible exploitation.

Privacy and Machine Learning, important innovations of Apple in iOS 13 and other systems

As a general rule, these types of errors have a publication date of 90 days from their discovery (and notification to the responsible company). Once that time has elapsed or a patch has been released, it becomes public.

Again, we meet one more reason to keep Apple devices updated. Even small versions can fix several bugs suddenly. With iOS 12.3, Apple has solved more than twenty bugs, of which about eight have been found by Google Project Zero staff.

Share An iMessage bug fixed in iOS 12.3 blocked the iPhone until it was restored