“Google’s Project Zero discovered the flaw could not be resolved without a complete reset of the affected iPhone”
Google has disclosed a new flaw that it discovered in Apple’s iOS under the Google Project Zero initiative. With Project Zero, Google detects and intimates companies about flaws and glitches in the internet ecosystem, which can range from the low-priority bugs to critical flaws. In iOS, Google’s Project Zero team discovered a bug in the iMessages application, which would use a malicious character string to cause an exception, and thereby cause the entire iOS system to crash.
Not just this, in iOS, the system would keep on crashing repeatedly even after a reboot, once the passcode was entered. As a result, it could not be resolved until the software was hit reset. The reason for this is that the bug affected Springboard in iOS, which powered the iOS home screen. The bug also affected macOS, but on the desktop form factor, it would be temporarily fixed once the system was rebooted. While not potentially threatening in terms of monetary loss, such a bug would keep an affected user locked out of their phone for an infinite loop, unless they agreed to reset their device and, hence, lost all data.
Thankfully, the glitch was patched by Apple back in May itself, when it released the iOS 12.3 update. The patch arrived well before Google’s 90-day gestation period with Project Zero. As per policy, once a bug is discovered, Google informs the relevant company about it and then gives it a period of 90 days, after which the search giant makes the issue public. As revealed with this issue that was disclosed yesterday, the move helps companies respond spontaneously to flaws in their software, and release patches promptly.
In the past few months, Apple faced quite a few bugs on iOS, most notable among which was the FaceTime app that allowed users to tune in to a recipient’s audio even if they did not receive the call. While Apple is typically responsive and prompt in patching flaws, it perhaps adds perspective to how software glitches and security threats have grown in frequency over the past few years, and how bug bounty programmes are almost essential for software firms now.