Google Project Zero<\/a>, the search company’s bug and vulnerability-discovery team, the issue relates to a specific type of malformed message that is sent out to a victim device. As per usual disclosure rules, the bug was held from public view until either 90 days had elapsed or a patch had been made broadly available to the public, with Apple’s release in an iOS 12.3 update fixing the bug and allowing for it to be revealed. <\/p>\nSpecifically, the message contains a property with a key value that is not a string, despite one being expected. Calling a method titled IMBalloonPluginDataSource _summaryText, the method assumes the key in question is a string, but does not verify it is the case. <\/p>\n
The subsequent call for IMBalloonPluginDataSource replaceHandlewithContactNameInString calls for im_handleIdentifiers for the supposed string, which in turn results in a thrown exception. <\/p>\n
While the message can affect both Mac and iPhone, they do so in different ways. For macOS, the error causes “soagent” to crash and respawn, making it a relatively brief issue where, at worst, the Messages app stops working. <\/p>\n
On iPhone, the code is in Springboard, and will repeatedly load, crash, and reload itself to a point that the UI cannot be displayed and the iPhone ceases to respond to input by the user. As the problem survives a hard reset, and starts occurring again after unlocking the iPhone, the only known solution is to reboot into recovery mode and restore the device. <\/p>\n
As part of the disclosure, Google Project Zero has also released instructions to reproduce the issue. <\/p>\n
AppleInsider<\/em> recommends users keep their iPhones up to date where possible, and to retain backups of their devices and stored data. <\/p>\nMalformed messages have been the source of some issues for iMessage users in the past. One major example is the “Black Dot<\/a>” Unicode bug from 2018 that abused invisible characters to crash the app on iPhones and iPads running iOS 11.3. <\/p>\nAnother 2018 “text bomb<\/a>” exploited unoptimized rendering processes for OpenGraph page titles to create excessively long tags, again causing crashes. Another from 2015 used a single line of Arabic script<\/a> to consume iOS resources when rendering, but only when it appeared as a notification. <\/p>\n<\/span><\/p><\/div>\n
![](\"https:\/\/photos5.appleinsider.com\/gallery\/31855-53831-imessage-iphone-x-l.jpg\")