“Taiwan” remote bug crashes messaging apps on iOS 11.3

Simply typing the word “Taiwan” can make your apps crash. Security researcher Patrick Wardle explains why that is the case.

Taiwanese flag emoji can crash your iPhone

As soon as the user types “Taiwan” or receives the Taiwan flag emoji, the messaging app crashes. The remote bug is limited to iOS apps that process remote messages.

Security researcher Patrick Wardle first came across the emoji flag bug when his Taiwanese friend complained that China had hacked her iPhone.

Wardle also posted the following image on his blog that shows this remote bug in action.

Affected versions include iOS 11.3 and below. The latest version, iOS 11.4.1, patches this bug (CVE-2018-4290) on all devices.

Patrick was able to figure out a fix for the “Taiwan” bug on all affected versions. It involves toggling the region from the United States to China and then back to the United States once again.

How the “Taiwan” remote bug works

For the uninitiated, Taiwan sees itself as a sovereign nation but China considers the Asian island a part of Chinese territory.

To appease the Chinese higher-ups, Apple decided to censor the word “Taiwan” and the Taiwanese flag on its devices.

But funnily enough, Apple’s appeasement efforts fell flat on their face when the text began crashing users’ devices. Here’s how the bug works:

  • iOS reads the incoming message.
  • The removeEmoji method is invoked if the message contains the Taiwanese flag emoji.
  • The emoji is removed when the region is recognized as China.

As long as the user had set the region as “China”, the method worked just fine. However, once the device went “region-less”, the method couldn’t ascertain the location of the device, which resulted in a crash.
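The failure described above can be modelled in a few lines of C. This is an added illustration, not Apple's code and not code from Wardle's write-up: the function names, the "CN" region code, and the choice to represent a "region-less" device as a NULL region string are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: UTF-8 bytes of the Taiwan flag emoji (U+1F1F9 U+1F1FC). */
static const char TW_FLAG[] = "\xF0\x9F\x87\xB9\xF0\x9F\x87\xBC";

/* Pattern from the text: the region is compared without first checking that
 * one was resolved. With region == NULL this dereferences a null pointer. */
bool should_remove_flag_unsafe(const char *region) {
    return strcmp(region, "CN") == 0;   /* crashes when region is NULL */
}

/* Hardened form: a missing region is an ordinary case, not a fatal one. */
bool should_remove_flag(const char *region) {
    return region != NULL && strcmp(region, "CN") == 0;
}

/* Hypothetical stand-in for the removeEmoji step: copy msg into out (capacity
 * cap), dropping the flag only when the region check says so.
 * Returns the number of bytes written, or -1 if out is too small. */
int filter_message(const char *msg, const char *region, char *out, size_t cap) {
    const size_t flag_len = sizeof TW_FLAG - 1;
    bool strip = should_remove_flag(region);
    size_t n = 0;

    if (cap == 0) return -1;
    while (*msg) {
        if (strip && strncmp(msg, TW_FLAG, flag_len) == 0) {
            msg += flag_len;            /* skip the emoji bytes */
            continue;
        }
        if (n + 1 >= cap) return -1;    /* keep room for the terminator */
        out[n++] = *msg++;
    }
    out[n] = '\0';
    return (int)n;
}
```

The point for code review is that locale, region and similar settings are inputs that can be absent, so any branch keyed on them needs a defined result for the "unset" case.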

[Source – Objective-See]
