Text bombs have been around for a long time on iPhones, but this time it’s a serious one, as it can only be fixed with a full device wipe that would obviously lead to data loss too.
The discovery was made by the Google Project Zero team, which has previously reported critical issues in a lot of other products, including Microsoft’s very own Windows operating system.
The bug was found in April, and as per the group’s policy, a public disclosure would have only been possible if Apple fixed the bug or after 90 days.
Fortunately, this time Apple shipped a fix in iOS 12.3, so all details are now available, including steps to reproduce the bug.
Patch already available
Specifically, Google’s Project Zero engineers discovered that sending a malformed message via iMessage to an iPhone or Mac leads to various issues on these devices.
On the Mac, for instance, receiving the malicious message can crash the soagent, but users can recover by relaunching the service.
Things are far worse on the iPhone, where the bug causes the Springboard to crash and fail to reload. Rebooting the device doesn’t help either, as the issue reappears after unlocking the iPhone. Google says the only way to resolve the problem is to completely wipe the device with Find My iPhone, put it in recovery mode and update via iTunes, or remove the SIM card and go out of Wi-Fi range to wipe the device.
Devices where iMessage is disabled are not impacted, as receiving the crafted message wouldn’t have any impact.
Since a patch is already available in iOS 12.3, all users are recommended to update their devices as soon as possible in order to make sure they are protected. Given the steps to reproduce the issue are already available out there, don’t be too surprised if the number of people using this to brick other iPhones as a prank skyrockets overnight.