Last few days we reported an important bug in Apple operating systems that will make them crash from mere exposure to either of two specific Unicode signs. These days Apple fixes this major text-handling problem with iOS version 11.2.6 and macOS variation 10.13.3, both available nowadays for install.
The issue, found by Aloha Browser during typical development, is because of poor handling of specific non-English characters. We replicated the behavior, essentially a sudden tough crash, in a variety of applications on both iOS and macOS. The vulnerability is noted on MITRE under CVE-2018-4124. If perhaps you were curious.
Apple was informed of bug and informed TechCrunch a week ago that a fix was forthcoming — actually, it had been already fixed in a beta. But the production version spots just dropped within the last few short while (iOS; macOS). Apple calls the magical figures a “maliciously crafted sequence” that generated “heap corruption.” It seems that macOS variations before 10.13.3 aren’t impacted, anytime you’re operating an adult OS, don’t worry.
The iOS plot also fixes “an problem where some 3rd party applications could fail to connect with outside add-ons,” that is welcome but not related to the text bomb.
You need to be in a position to grab both revisions at this time, and you should, or you’ll probably get pranked in the near future.
Posted at Mon, 19 Feb 2018 21:32:31 +0000