Apple censorship code for China crashed iPhone apps

By

Taiwanese flag emoji denial of service attack.

With the release of iOS 11.4.1 this week, Apple has patched a bug that caused iPhone apps to crash if a user tried to insert the Taiwanese flag emoji, while the locality of their devices was set to China.

Apple censorship code for China crashed iPhone apps
Spot the censored flag.

The bug was discovered by security researcher and developer Patrick Wardle of Digita Security. It meant that for over two years, it was possible to remotely crash iPhones apps by sending messages with the Taiwanese flag emoji.

Wardle was alerted to the bug by a Taiwanese friend who complained that her iPhone messaging apps would crash when she tried to type Taiwan. In recent version of iOS, the typing in a country name also displays the nation's flag emoji.

 

To his amusement, Wardle found that he could crash his friend's apps such as iMessage, Facebook Messenger, and WhatsApp consistently by sending her multiple Taiwanese flags.

An analysis of the bug indicated that it was a NULL pointer dereference, a programming error that will reliably crash any related process.

Wardle went further and discovered the bug was triggered by iOS trying to hide the Taiwanese flag on phones where the location had been set to China.

China considers Taiwan as a renegade provice, and does not recognise the sovereignty of the island nation. The two were technically at war with one another until 1979.

As a result of the strained relations between the two countries, the Taiwanese flag is censored in China. The flag emoji won't display on iPhones that are set to China, with Apple having added code to iOS to hide it and show a blank white box with a X in it.

This code was buggy however. Wardle said that "if Apple hadn't tried to appease the Chinese government in the first place, there would be no bug!"

While Apple did not confirm that the censorship code to hide the Taiwanese flag was done to placate the Chinese government, it acknowledged the bug and assigned a Common Vulnerabilities and Exposures index of CVE-2018-4290 to it, and thanked Wardle for finding it.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applechinasecuritytaiwan

Sponsored Whitepapers

Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Events

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?