A new bug has been discovered in which a nonsensical string of Arabic characters can crash both iOS and OS X apps. Right now the bug affects any browser or application that uses Apple’s CoreText API to render text.
Ars Technica has the full scoop on the bug:
Safari crashes in both OS X 10.8.4 and iOS 6.1.3 when it attempts to read the text string, and rendering the string in the current stable release of Chrome prompts the browser’s typical “Aw snap!” error page (though Chrome’s sandboxing implementation keeps the bug from bringing the whole browser down). Firefox, which uses its own font rendering engine, can display the text just fine. This supports the idea that it’s a CoreText issue and not a problem with any particular application.
The bug has actually been fixed in both iOS 7 and OS X 10.9, but there’s no word on whether future updates to iOS 6 or OS X 10.8 will fix the issue for users who can’t or don’t want to upgrade.
Believe it or not, this bug isn’t new: it has been around for 6 months, and according to security researchers “the bug could be used for even more nefarious purposes, such as remotely executing malicious code on a vulnerable device.”
… I think you know where this is going.
Jailbreak developers could theoretically use this bug as the basis for an Untethered Jailbreak for all iOS 6 firmware versions. That assumes, however, that there is more to this bug than just an application crash, which at this time there is no evidence to support.
Update #1: If you have a Jailbroken iPhone, iPod Touch or iPad, there is a patch available.