Apple censorship code for China crashed iPhone apps

By

Taiwanese flag emoji denial of service attack.

With the release of iOS 11.4.1 this week, Apple has patched a bug that caused iPhone apps to crash if a user tried to insert the Taiwanese flag emoji, while the locality of their devices was set to China.

Apple censorship code for China crashed iPhone apps
Spot the censored flag.

The bug was discovered by security researcher and developer Patrick Wardle of Digita Security. It meant that for over two years, it was possible to remotely crash iPhones apps by sending messages with the Taiwanese flag emoji.

Wardle was alerted to the bug by a Taiwanese friend who complained that her iPhone messaging apps would crash when she tried to type Taiwan. In recent version of iOS, the typing in a country name also displays the nation's flag emoji.

 

To his amusement, Wardle found that he could crash his friend's apps such as iMessage, Facebook Messenger, and WhatsApp consistently by sending her multiple Taiwanese flags.

An analysis of the bug indicated that it was a NULL pointer dereference, a programming error that will reliably crash any related process.

Wardle went further and discovered the bug was triggered by iOS trying to hide the Taiwanese flag on phones where the location had been set to China.

China considers Taiwan as a renegade provice, and does not recognise the sovereignty of the island nation. The two were technically at war with one another until 1979.

As a result of the strained relations between the two countries, the Taiwanese flag is censored in China. The flag emoji won't display on iPhones that are set to China, with Apple having added code to iOS to hide it and show a blank white box with a X in it.

This code was buggy however. Wardle said that "if Apple hadn't tried to appease the Chinese government in the first place, there would be no bug!"

While Apple did not confirm that the censorship code to hide the Taiwanese flag was done to placate the Chinese government, it acknowledged the bug and assigned a Common Vulnerabilities and Exposures index of CVE-2018-4290 to it, and thanked Wardle for finding it.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applechinasecuritytaiwan

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?