Apple's Taiwanese flag ban leads to iPhone crashes

Remigio Civitarese
Luglio 12, 2018

Here's Apple's support page if you want more information on the new security feature.

At this point, Patrick Wardle boils down the crashing applications to an error in the coding rather than a deliberate bug, but regardless of whether the crashes were intentionally programmed into iOS, the flag censorship certainly was, indicating Apple's willingness to appease the Chinese government.

The bug is specific enough to make anyone suspicious.

Prior to the software update, the baffling bug allowed anyone to crash a vulnerable device by simply sending a text with the Taiwanese flag. English can still be set as the primary language, though.

Apple iOS 11.4.1 brings a USB restricted mode for iPhones, iPads and here's how it will work. Eventually, the researcher was able to figure out that the bug was caused by iOS mishandling how it applied a filter based on location. By observing the phone's memory and system restore files, Wardle managed to extract some of the code libraries. It would also occur upon receipt of a message containing either of these.

Messages sent with the flag instead displayed as a "missing" emoji.

The intended behavior of this code is not to crash your phone, obviously.

After two+ years of being unable to type "Taiwan" or being remotely DOS'd anytime her phone received a Taiwanese flag emoji, the fix (kudos to my friend Josh S. for the idea!), was simply to toggle the region from USA to China, then back to US. In China, messaging apps didn't crash, but would not display the forbidden emoji. Before Apple's fix, changing the iPhone's region could have worked around the bug.

China considers Taiwan as a renegade provice, and does not recognise the sovereignty of the island nation. China claims sovereignty over Taiwan, leading to a great deal of tension that extends even to emoji. These restrictions drove Google to end its Chinese business operations a decade ago.

In a blog post, Wardle explained in deep technical detail how it works. In fact, the full list of security fixes included in the update can be found on the company's website but, of particular interest is the second entry regarding how emoji were handled under certain circumstances.

Altre relazioniGrafFiotech

Discuti questo articolo


Segui i nostri GIORNALE