DoS attack on iOS and OSX for WebKit engine.

A new exploit in Apple iOS and OSX has been found which crashes any application which contains certain characters of Arabic text.It crashes applications running on iOS and OSX that uses WebKit engine. But I have seen that same character set does not crash WebKit application on different platform. So we can be assured that the bug is of Apple not WebKit engine as a whole. (I tested Google Chrome on Linux)

Versions effected are, iOS 6 , 7 beta and iOS< 6 ,Mac OS X 10.8

Version not effected Mac OSX 10.9 beta and OSX<10.8

This fatal error can be reproduced if

  • You send text message to your iPhone with the set of characters.
  • You sen iMessage to Mac of iPhone.
  • Those set of characters are displayed on applications like browser.
    On Mac,I tested on Safari which crashed the whole Safari browser, but while on Google Chrome it only crashed the tab where the link was opened. In case you were wondering Firefox did not crash.If you are feeling adventurous and want to test which applications will crash the you can head to this link. Note this may crash your browser, if it does not then you will see the set of arabic characters.

Google Chrome crash

Exploit Link: http://zhovner.com/tmp/killwebkit.html (Warning it may crash your WebKit browser) , copy paste the link I have deliberately not hyperlinked as to stop people from accidentally clicking it.