Meet The “chaiOS” Bug That Can Freeze Your iPhone With A Link

A bug has been discovered in iOS that crashes the iMessage app and can freeze or restart your phone when you’re sent a specially-engineered website link. You don’t even have to click the link for it to affect your phone or even your Mac. Software developer Abraham Masri, the brain behind the bug, gave it the name “chaiOS”.

👋 Effective Power is back, baby!

chaiOS bug:
Text the link below, it will freeze the recipient’s device, and possibly restart it. https://t.co/Ln93XN51Kq

⚠️ Do not use it for bad stuff.
—-
thanks to @aaronp613 @garnerlogan65 @lepidusdev @brensalsa for testing!

— Abraham Masri (@cheesecakeufo) January 16, 2018

So how does this bug work?

iMessage preloads links to webpages when opened so that it can show the users a preview of the page. So Masri, speaking to Buzzfeed News, explained how he created a webpage on GitHub and stuffed its metadata with hundreds of thousands of unnecessary characters. When trying to load all of this unexpected information, iMessage crashes, sometimes taking the entire operating system down with it.

An iPhone X during a media event at Apple’s new headquarters in Cupertino, California. Photo credit: AFP/ Josh Edelson

The bug doesn’t work consistently, as shown by some user reports; it either crashes iMessage, causes lag, freezes the device, or triggers what’s known as a “respring” (when iOS reboots the software called SpringBoard and kicks the user back to the lock screen). ChaiOS only affects versions of iOS from 10.0 to 11.2.5 beta 5 and can also crash iMessage on macOS. Finding working copies of the bug isn’t easy, thankfully as the link, as well as other mirrors of it, have been taken down from GitHub. Masri has also refused to upload the bug, saying he released it to get Apple’s attention.

No, I’m not going to re-upload it. I made my point. Apple needs to take such bugs more seriously.

— Abraham Masri (@cheesecakeufo) January 17, 2018

We hope that Apple is more alert and responsive to issues like this. In the mean time, if someone has sent you a copy of chaiOS and it is affecting your iphone, here are a few fixes you can try:

• Quickly delete the thread the link was sent in, if you can, before the app crashes.
• Block the domain of site hosting it. So, if the link is coming from GitHub, for example, go to your Safari settings, then General > Restrictions > Enable Restrictions > Websites > Limit Adult Content > Never Allow > GitHub.io.
• Backup your iPhone and then reset to factory settings. Note that this is an extreme measure as it’ll delete all your files.
• Wait for a patch. It is expected that Apple will send one out soon enough.