According to the folks over at The Next Web, a recent prank played on a group of iOS developers seems to have revealed a limitation in how Apple handles data sent through its iMessage service, which in some cases can crash the app if the incoming message is too long or contains overly complex characters.
Popular developers such as ih8sn0w and Grant Paul were among those targeted by a specific type of denial of service (DoS) attack that overwhelmed their Messages inboxes with a load of automatically-generated transmissions. The two developers believe the messages that were sent to them via the Messages app on OS X with a simple AppleScript affecting the barrage that prompts a victim to constantly clear notifications and text. According to Paul:
Whatís happening is a simple flood: Apple doesnít seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly.
The real issue that arises with the attack is with the long and/or complex messages that are received. Depending on what is sent, Messages on iOS can crash because it canít process and display the massive amount of data correctly. According to the developers, the app will force itself to close and wonít re-open because it canít properly render the text. As of right now, there isnít any surefire solution to remedy the crashed Messages app.
The publication suggests "playing around with sending a regular message, then locking the phone and activating the message notification until youíre able to time it right to delete the message thread thatís causing the problem. One thing to note is that if the attacker gets a hold of a userís iMessage handle, the only option may be to disable the account temporarily. If a userís phone number is compromised, iMessage as a whole may have to be turned off.
The identity of the attack behind the attacks remains unknown at the moment but the messages appear to have originated from a Twitter account used to sell UDIDs and provisioning profiles. Disposable email accounts were being used to send the spam, making it difficult to simply block the culprit as they can simply open another and continue to bombard you with messages.
Apple hasnít responded to the issue just yet but weíre hoping they will soon.
Source: The Next Web via AppleInsider