During their development work on an international news feed, software engineers at Aloha Browser discovered two Unicode symbols in a non-English language that can crash any Apple device that uses Apple’s default San Francisco font.
The bug instigates crashes on iPhones, iPads, Macs and even Watch OS devices that display text containing the symbol on their screens.
When one of the two symbols is displayed in an app, the software crashes immediately. In many cases, the app cannot be reopened and must be reinstalled. TechCrunch was able to recreate this behaviour on two iPhones running an older version of iOS, one iPhone running iOS 11.2.5 and a MacBook Pro running High Sierra.
The bug crashes apps including Mail, Twitter, Messages, Slack, Instagram and Facebook. From our testing, it also crashed Jumpcut, a copy and paste plugin for Mac. While it initially appeared that the Chrome browser for Mac was unaffected and could safely display the symbol, it later crashed Chrome and the software would not reopen without crashing until uninstalled and reinstalled.
According to the team at Aloha Browser, Apple is aware of the bug and it may have been reported by another development team, as well.
This is Apple’s second text bomb headache of the year. In January, software researcher Abraham Masri discovered an iOS glitch that allowed a specific URL to crash any iPhone it was texted to, sometimes resulting in a kernel panic.
In 2016, another bug could crash any iPhone or the Safari browser if a user clicked the URL for CrashSafari.com. In 2015, a so-called “Unicode of Death” could overload an iPhone’s memory using some Arabic characters. Now we’re looking at Unicode of Death 2.0.
The new text bomb could be used to create mass chaos if spammed across an open social platform or used to target individuals via email or messaging. The new bug affects a broad swath of Apple devices and crashes nearly any major app they run, making it particularly destructive if not resolved quickly.