iOS developers found vulnerabilities in iMessage, an instant messenger service developed by Apple, that allow cybercriminals to perform denial-of-service attacks or completely block the operating system of the device.
According to The Next Web, the attacks, which appear to have originated with a Twitter account involved in selling UDIDs, resulted in Mac OS X and iOS-based devices being disrupted.
One flaw allows a DoS attack: the attacker enters the victim’s data into a simple AppleScript, which rapidly fills the iMessage app with text and forces the user to constantly clear both notifications and messages.
Grant Paul, one of the iOS developers, said: “What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly.”
To use the second vulnerability, the attacker has to create a massive message, or one overloaded with Unicode characters that force a browser to render ‘Zalgo’ text. These messages won’t be transmitted by the system. Every time the system is rebooted, it will try reloading the message, failing to unblock the device.
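A receiving-side guard for the two conditions described above (no limit on how fast one sender can deliver messages, and oversized or combining-mark-heavy 'Zalgo' text), written as an added example that is not Apple's code and not part of the original article. The class name, the thresholds and the rate values are assumptions chosen for illustration.

```python
import time
import unicodedata

MAX_LEN = 4000          # assumed cap on message length, in code points
MAX_MARK_RUN = 3        # assumed cap on stacked combining marks per base character
RATE = 1.0              # assumed sustained rate: messages per second per sender
BURST = 5               # assumed burst allowance per sender


class MessageGuard:
    """Per-sender token bucket plus content checks for incoming messages."""

    def __init__(self, rate=RATE, burst=BURST, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}  # sender -> (tokens left, time of last message)

    def _take_token(self, sender):
        now = self.clock()
        tokens, last = self.buckets.get(sender, (self.burst, now))
        # Refill in proportion to elapsed time, never above the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[sender] = (tokens - 1 if allowed else tokens, now)
        return allowed

    @staticmethod
    def max_mark_run(text):
        """Longest run of consecutive combining marks (categories Mn, Me)."""
        longest = run = 0
        for ch in text:
            run = run + 1 if unicodedata.category(ch) in ("Mn", "Me") else 0
            longest = max(longest, run)
        return longest

    def check(self, sender, text):
        """Return 'accept' or the reason the message is dropped."""
        if not self._take_token(sender):
            return "rate_limited"
        if len(text) > MAX_LEN:
            return "too_long"
        if self.max_mark_run(text) > MAX_MARK_RUN:
            return "excessive_combining_marks"
        return "accept"
```

Ordinary accented text stacks one or two combining marks per character, so a limit on the run length targets 'Zalgo' strings without rejecting normal messages.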
Apple representatives have not commented on the security incident so far.