An exploit publicly announced yesterday (picture of source page available here – won’t force a crash) shows how a string of Arabic characters can crash applications in OS X 10.8 and iOS 6. The upcoming Apple operating systems, iOS 7 and OS X 10.9, have fixed the bug, but Apple was supposedly notified about this bug six months ago and still has not issued a fix for the current public operating systems.
Jailbreakers are already working to patch the bug over until Apple releases a full fix:
This bug does not work on any other operating systems and does not allow anyone else to access your computer remotely because of it, but being a recipient (or even sender) of these characters may make your Messages app unusable, cause Safari/Chrome to crash, or not allow for scanning of SSIDs (if the string is broadcasted as a Wifi network name).
Back in 2009, iOS 3.0 was vulnerable to an SMS bug that allowed others to remotely execute code on the recipients’ phone. The 3.0.1 update introduced a patch.
Hopefully Apple will be pushing out a security fix in the near future to make sure this exploit doesn’t get too far.
Update: A jailbreak fix has been released that fixes apps that cannot be opened due to the exploit. The patch has not been tested or verified by us and may cause other issues when browsing.