Dan Goodin* says a security researcher has revealed that a bug that made iPhones crash when the word ‘Taiwan’ was entered was likely caused by code added by Apple to appease the Chinese Government.
The iOS 11.4.1 update Apple released on 9 July was most notable for making it harder for law enforcement to access locked iPhones.
On 10 July, security researcher Patrick Wardle illuminated another fix.
He said his fix addressed code Apple had likely added to appease the Chinese Government; this is the code that caused crashes on certain iDevices when users typed the word “Taiwan” or received messages containing a Taiwanese flag emoji.
“Though its impact was limited to a denial of service (NULL-pointer dereference), it made for an interesting case study of analysing iOS code,” Wardle, a former hacker for the US National Security Agency, wrote in a blog post.
“And if Apple hadn’t tried to appease the Chinese Government in the first place, there would be no bug!”
Wardle, who is now a macOS and iOS security expert at Digital Security, said he was perplexed when a friend first reported her fully patched, non-jailbroken device crashed every time she typed Taiwan or received a message with a Taiwanese flag.
He had no trouble reproducing the remotely triggerable bug, which crashed any iOS application that processed remote messages, including iMessage, Facebook Messenger, and WhatsApp.
Wardle did, however, find that only devices with certain region-specific configurations were affected.
The iPhone’s notorious closed nature made analysing the bug challenging.
It helped to isolate the memory locations that stored a dereferenced null pointer and a faulty instruction that caused it.
Wardle also relied on the iPhone’s restore image to pull some of the code libraries.
He eventually found that the crashes were being caused by code that classified messages based on emojis they contained.
He also noticed that the error seemed to be triggered when iOS had country codes that included China or language settings including Chinese (his friend’s phone specified the region as the US and the language as English, followed by Chinese).
The discovery ultimately led to a simple fix. Wardle explained: “After two+ years of being unable to type ‘Taiwan’ or being remotely DOS’d anytime her phone received a Taiwanese flag emoji, the fix (kudos to my friend Josh S. for the idea!), was simply to toggle the region from US to China, then back to US.”
Wardle traced the likely purpose of the buggy code to documented iOS behaviour that hides the Taiwanese flag from the emoji menu or from being displayed on the screen when the region is set to China.
Apple didn’t respond to an email seeking comment for this post.
Wardle also privately reported the bug to Apple.
The flaw was indexed as CVE-2018-4290 and patched in iOS 11.4.1.
* Dan Goodin is the Security Editor at Ars Technica. He tweets at @dangoodin001.
This article first appeared at arstechnica.com.
