A new Unicode text bug is being spread around today, popularised by a video by EverythingApplePro. It’s being called the ‘black dot’ bug because of its origins on Android as a bug relating to WhatsApp: it was being spread with the following emoji: <⚫> 👈🏻. The iOS version of this bug is a bit different in its mechanics, but neither variants actually rely on the visible black dot character to cause the freezes and crashes.
The secret is that the strings contain thousands of hidden invisible Unicode characters, which churns through CPU cycles as the system attempts to process them. If this specially crafted text is sent through Messages, it will result in repeated crashes when the recipient tries to read it.
The text handling issue affects other platforms too, not just iOS. In writing this post, I tried to copy the link to the text and it caused my Mac’s memory usage to spiral out of control, creating a 30 gigabyte swap file in the process. Although currently untested, it makes sense for the same flaw to exist in watchOS and tvOS too.
It seems like the sheer number of invisible characters just causes the text processing engine to spin near indefinitely on processing the string, which then ultimately locks up the wider OS and apps. The bug affects iOS 11.3 and the current iOS 11.4 beta seeds. Now that the problem has been brought into the public limelight, we would expect Apple to release fixes promptly.
You can see a demo in the video below:
If someone sends this to you, is there a workaround? What’s the fix? Until Apple releases new firmware to address the root cause, you just need to find a way to get out of the messages detail screen. You could try force-quitting the Messages app and using 3D Touch to open a New Message pane. You can then backtrack to the main Messages list and delete the malicious conversation thread. You could also go onto another iCloud synced device and delete the message remotely.
Unicode is complicated and diverse. It’s basically impossible for vendors to eliminate all bugs relating to text in a way that retains system performance. Shortcuts, optimisations and obscure parts of the spec all open up possible vectors to exploit. We last saw a bug like this with a string of Teluga characters in February.
For the OS makers like Apple and Google, it’s a constant cat and mouse race. Apple will no doubt be working on a fix in an upcoming software update.
If you are interested in a richer technical explanation of what is going on in this particular case, check out this explanation by Tom Scott.
FTC: We use income earning auto affiliate links. More.
Comments