Update (27 May, 16.30):

An Apple spokesperson has responded to our queries: "We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update."

Original article:

A bug in iOS can see the Messages app crash and iPhones automatically reboot when they receive a certain text message.

While Apple is yet to comment on the issue, many iPhone users on social media are highlighting the problem, with some spreading the particular text string that can be sent to someone in order to force their phone to crash, while others are wondering why their iPhones are randomly crashing and rebooting.

After multiple attempts, IBTimes UK has been able to replicated the bug on an iPhone 6 (running iOS 8.3) by sending a message to an iPhone 6 Plus (also running iOS 8.3).

The text string, written partly in Arabic, is just the latest example of this bug affecting Apple's iOS, with a similar bug back in 2013 affecting both iOS 6 and Mac OS X 10.8.

The flaw can be exploited due to the way iOS renders Arabic text. Mark James, a security specialist at ESET explains the problem:

"This bug manifests itself when banner notifications are switched on for SMS messages and then displayed on your phone. The resulting action (SMS display) is not able to be fully displayed, thus a reboot is the only option."


One way of protecting yourself from getting sent the malicious text is to turn off banner notifications in the iOS settings menu.

James adds that issues like this bug have been around for a long time:

"These type of "bugs" have been around since the birth of operating systems (OS). When the OS tries to interpret something it cannot understand or fully achieve it has a few options open to it. One of those options is a reboot. I am sure we have all had our desktop machines reboot after a seemingly random event has triggered the dreaded reboot. These mobile computers we call phones today have the same core instructions - if all else fails then reboot."

The bug allows anyone who knows the particular text string to maliciously crash and reboot someone else's iPhone as long as they know their phone number. While the bug does not cause any long-term damage to the receiver's smartphone or give anyone access to details stored on the phone, it is nonetheless a rather pernicious flaw.

Tim Erlin, from security company Tripwire says that while the bug may initially appear somewhat inconsequential, it does present the possibility to be used for much more malicious purposes:

"This is essentially a remote denial of service vulnerability, using SMS as the vector. The ability to remotely disable someone's iPhone could be useful in targeted attacks. Imagine if an organisations information security team was suddenly unable to communicate while an attack on their organisation was being carried out. There are likely other ways to exploit this vulnerability, though it's unclear if they might be useful to attackers. The libraries used for parsing text are unlikely to be specific to the messaging app, and so the issue may appear in other places. Time will tell if security researchers or Apple discover them first."

Some users report that after they are sent the text message, they are no longer able to reopen their Messages app without the cycle or crash and reboot starting again. The only way to stop the problem is to get the person who sent the message in the first place to send another message, or wait for someone else to send a new one.

A user could take things into their own hands, though, and send a message to themselves through Siri or from a Mac if they have one linked to their Apple ID. Some users have reporting that sending a message can break the cycle.

IBTimes UK has asked Apple for a comment on this issue but at the time of publication has not received a response.