Apple Releases Updates to Fix Telugu Character Bug

Last week, Apple device users around the world became targets for pranksters and trolls of all kinds. Independent researcher Abraham Masri discovered a vulnerability affecting iOS, macOS, tvOS, and watchOS. This issue could be exploited in almost any app, including Messages, Safari, Chrome, Thunderbird, Slack, WhatsApp, FacebookFacebook launched an official Tor mirror in 2014, becoming the first major tech company to provide direct access through onion routing. The mirror allows users to bypass censorship, secure their connections, and avoid phishing risks while using the platform. This step also underscored Facebook’s recognition of free expression and inspired other outlets like the BBC and ProPublica to create their own Tor versions. More Messenger, Outlook for iOS, Gmail, Twitter, and more. All of these applications would react to a single text character (జ్ఞ‌ా) as a classic “text bomb,” causing them to freeze or enter an endless crash loop.

For example, one Twitter user demonstrated how the Uber app on a driver’s device could be crashed simply by including the problematic character in the client’s name when ordering a ride.

This character is used in Telugu, an official language in the Indian states of Andhra Pradesh and Telangana. The exact reason why this character caused such a reaction in the apps is still unclear, and experts have proposed various theories. You can read more about these theories from a Mozilla engineer and a Unicode Consortium specialist.

Apple’s developers rushed to prepare patches as quickly as possible, understanding that users were being widely targeted by trolling and pranks. The bug was assigned the identifier CVE-2018-4124 and was fixed earlier this week in all of Apple’s operating systems: macOS High Sierra 10.13.3 Supplemental Update, iOS 11.2.6, watchOS 4.2.3, and tvOS 11.2.6.