Apple updates all its operating systems to address Indian Telugu crash

EnlargeSamuel Axon

Apple has released software updates for all four of its consumer operating systems—iOS, watchOS, tvOS, and macOS—to tackle an issue that allowed usage of the Indian Telugu character to cause those devices to crash.

The updates are labeled iOS 11.2.6, watchOS 4.2.3, tvOS 11.2.6, and macOS High Sierra 10.13.3 Supplemental Update, and they're all available to download on supported devices right now.

The update notes for each release include the same key bullet point:

Fixes an issue where using certain character sequences could cause apps to crash

Additionally, the iOS 11.2.6 update notes have the following additional change listed:

Fixes an issue where some third-party apps could fail to connect to external accessories

A few days ago, people began to realize and spread that a certain character specific to the Indian Telugu alphabet could lead to a heap corruption if that character was received in a message, encountered in a document, or pasted into a text field. Some people began trolling by posting the character to Twitter and elsewhere to cause Apple device users to experience app crashes.

This was Apple's official note on the solution for all platforms in its security hubs for each:

Impact: Processing a maliciously crafted string may lead to heap corruption.

Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4124: an anonymous researcher

The updates do not add any new features to any of the platforms and offer no other security updates. The previous updates to these platforms were also bug fixes, but the iOS update had a little more to it. iOS 11.2.5 and macOS 10.13.3 primarily addressed "an issue that could cause Messages conversations to temporarily be listed out of order." iOS 11.2.5 additionally expanded support for the recently released Apple HomePod and added some Siri features that had been developed for that device.

Original Article

[contf] [contfnew]

Ars Technica

[contfnewc] [contfnewc]

Show More

Related Articles

Back to top button