iPhone character entry glitch crashes search, but it's not a bad bug

Posted:
in iOS

A recently discovered bug in iOS and iPadOS has been causing brief and mostly inconsequential crashes when a sequence of characters is typed into specific search fields.

An iPhone displaying a virtual keyboard with a search bar above it, set against a purple background.
A small bug is affecting iOS search



On August 21, 2024, a security researcher reported that typing the characters "":: into the Search bar within the Settings app or the App Library search bar on the home screen would cause the Apple mobile interface, Springboard, to momentarily crash. The device then reloads quickly, returning the user to the lock screen.

Our testing of the bug revealed that typing these characters did indeed cause a quick crash, meaning Settings closed and Spotlight returned to the Home Screen. However, there are mixed results.

We tried it on an iPhone and iPad running the latest iOS 18.1 developer beta and one running iOS 17.6.1. Some people said that only Settings and Spotlight crashed, while others found that it also crashed the App Library. There does not appear to be commonality between what crashes, on which device, running which operating system.

Security researcher Konstantin first shared the news via X.



There's currently no fix for this bug, but it's worth noting that it's not a significant issue. Users can avoid typing these characters into the search bars within the Settings app or the App Library on their iPhones or iPads to escape the problem.

Now that the bug is getting attention, Apple will fix it in some upcoming software update.



Read on AppleInsider

Comments

  • Reply 1 of 7
    mike1mike1 Posts: 3,433member
    OK. I'll try not to do that.
    tokyojimuwatto_cobra
  • Reply 2 of 7
    eriamjheriamjh Posts: 1,748member
    How am I supposed to find my “”::s if I can’t search for them?
    watto_cobra
  • Reply 3 of 7
    Why would someone search for  this and how did they find it in the first place? 
    watto_cobramike1
  • Reply 4 of 7
    Ooo fun 🤩 time to trick people
    watto_cobra
  • Reply 5 of 7
    netroxnetrox Posts: 1,495member
    I was able to replicate the bug in App Library. It's interesting how quickly it reloads though. 
     
    I agree, the bug is not so significant. It's hard to imagine how you would benefit from using that specific string.


    watto_cobra
  • Reply 6 of 7
    sbdudesbdude Posts: 288member
    Who is typing random characters into search bars to come up with this?
    watto_cobra
  • Reply 7 of 7
    dewmedewme Posts: 5,708member
    sbdude said:
    Who is typing random characters into search bars to come up with this?
    It’s not necessarily a “who” but more likely a “what” in the form of software testing tools that employ what’s known as fuzzing or fuzz testing. These tools essentially try to find character sequences that cause a process to crash when using the processes exposed interfaces. 

    Obviously it would take an enormous amount of computing resources to fuzz test something using a black box. Having some knowledge of how the underlying code should work helps constrain the fuzz testing to a smaller range so the number of tests is reasonable in the allotted time. 

    So the answer to your question is that throwing “random characters” at a software interface is a completely rational thing to do in certain cases. I’d imagine that there are a few people who employ fuzzing tools to find bugs in other people’s apps, especially in the security domain. In fact, the characters and character sequences used are likely not as random as the appear. Certain characters, mostly non alphabetical ones, are used as escape characters to instruct a text based parser to interpret to perform more than simply grab the characters as state text. 
    edited August 23 IreneW
Sign In or Register to comment.