Thursday, August 29, 2013

CoreText Bug Allows Specific String to Crash Apps

Matthew Panzarino:

A bug in Apple’s CoreText rendering engine in iOS 6 and OS X 10.8 causes any apps that try to render a string of Arabic characters to crash on sight. The string of characters which can trigger the bug — which was discovered yesterday and has spread around the hacking and coding community — has made its way to Twitter, where even looking at it in your timeline will crash the app.

[…]

The characters were discovered and posted on a Russian site yesterday morning. The site claims that Apple has known about the problem for ‘six months’ and has not reacted. There is some evidence of the string appearing on Twitter back in February. The posting includes a request to click the crash report button on any apps affected and report it to Apple.

Sounds like this bug, though it’s in a different OS subsystem. It’s apparently fixed in Mavericks and iOS 7.

Ars Technica and Hacker News have additional coverage.

Update (2013-09-08): Chris Williams explains the buffer overrun (via Nicolas Seriot):

If we open libvDSP (located deep within the /System/Library/ filesystem hierarchy of your computer) in the rather handy reverse-engineering tool Hopper, we can look at the compiled machine code that blew up. See the screenshot below: the faulting instruction 117462 bytes in, or 1cad6 in hex, is highlighted.

Update (2013-09-13): This seems to be fixed in Mac OS X 10.8.5.
